Re: [whatwg] Passwords


Hi Anne, hi All: 

Here, in EEA I've noticed and see the same reasons that Glenn exposes,
with subtle emphasis on the reasons three , four and five. 



Delfi Ramirez

My digital signature [1]

+34 633 589231 [2] 

twitter: delfinramirez

 IRC: segonquart Skype: segonquart [3] [4]

On 2014-10-19 19:35, Glenn Maynard wrote: 

> On Sat, Oct 18, 2014 at 2:50 PM, Anne van Kesteren <>
> wrote:
>> I'd be interested in hearing why sites such as forums have not made the switch yet. If you're hosting passwords it seems downright irresponsible at this point to not use TLS.
> The most common reasons I've seen are:
> - People asking "why would this page need encryption?", which is always the
> wrong question. (The right question is "why does this page need to not
> have encryption?")
> - People don't want to jump the hoops to get a certificate and install it.
> I still have to search to find the right OpenSSL magic commands, and it
> still takes fiddling to get TLS enabled on web servers. (It should require
> editing two or three lines to enable it on Apache, not uncommenting dozens
> of lines of sample configuration then figuring out how to sync it up to
> your HTTP configuration. I suspect Apache can do this much more simply,
> and that the sample configurations that come with installations are just
> garbage...)
> - People don't want to pay for a certificate. (There's StartSSL, but when
> I tried it, it was so bad that I prefer to pay GoDaddy. That should say a
> lot given how bad *that* site is...)
> - They don't want the additional latency that TLS causes. I assume this is
> why Amazon puts most of the storefront on HTTP, and only selectively
> switches to HTTPS. (They've put a lot of design behind making this secure,
> but most authors can't do that, and it still has a big privacy cost.) This
> is at least a valid issue.
> - Some web services don't support HTTPS. (There's no excuse for this, but
> saying that doesn't make the problem go away. I don't recall particular
> examples.)

[3] skype:segonquart

Received on Sunday, 19 October 2014 22:40:23 UTC