undefined | Better HN

0 pointsopportune6y ago0 comments

You don't need "SSL" (TLS, https, etc.) to serve static, uncontroversial content

0 comments

4 comments · 3 top-level

wnevets6y ago· 1 in thread

That's absolutely untrue. For example a man in the middle could intercept and modify the page.

https://www.troyhunt.com/heres-why-your-static-website-needs...

opportuneOP6y ago

This was a good article, I concede the point.

mqus6y ago

That only covers the "encryption" part of SSL/TLS.

If there is any incentive to fake your content (e.g. for phishing or other attacks, or even simply spreading false information), you'll also want the "authenticity" part of TLS for preventing middlemen from arbitrarily changing content.

nickserv6y ago

With Let's Encrypt you really have no reason not too though. And what's not controversial in one country may be in another.

j / k navigate · click thread line to collapse