[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] TLS-"transport layer security" & LYNX

From: David Niklas
Subject: Re: [Lynx-dev] TLS-"transport layer security" & LYNX
Date: Sat, 28 Jul 2018 11:26:57 -0400

On Tue, 24 Jul 2018 09:14:25 +0100
David Woolley <address@hidden> wrote:
> On 24/07/18 01:31, Mouse wrote:
> > Actually, in my case, it's the fault of webservers that refuse to
> > serve anything over HTTP except a redirect to HTTPS.  I neither have
> > nor want HTTPS support.
> >   
> They are just following an industry trend orchestrated by Google.  In 
> particular, having a non-HTTPS site will result in appearing a long way 
> down the Google search results.  Most sites are either their to sell 
> something, or to sell people to advertisers, so they want a good google 
> ranking.
> Even when the contents is the primary reason for the site, hosting
> costs have to be paid, and that is often done by advertising.
> It's difficult to get a good explanation for the policy, but my guess
> is that is the number of people accessing from mobile devices using
> public hot spots.

The reason that https is being mandated is so that everyone has
protection from the NSA and other governments and companies (and I have
personally, and frequently encountered all of the above, here in the US),
manipulating connections, blocking connections that are deemed
"unwanted / illegal / etc.", and spying on user agents.
"Illegal" often has nothing to do with traditional (i.e. Christian),
morality and more to do with the ruling classes desire not to face any
dissension from exterior sources.
Thus governments and companies are faced with the choice of either
blocking the whole domain or non at all.
And connection manipulation becomes impossible, but that does not stop US
companies and the government from manipulating anything that is not
If a site offers both http and https then the US government will actually
go as far as blocking the https version. I am referring to the
US libraries here.
This is not to mention the "sign on" pages that you encounter when you
visit any number of "open" wifi access points.

All that being said, I'd be interested in knowing what Thorsten Glaser
was talking about with respect to TLS 1.3. I though, perhaps somewhat
naively, that all headers, cookies, and the resource(s) you are
requesting are encrypted thus nothing could be leaked / manipulated / or
affected during the session. The best an adversary could do was guess
what you asked for.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]