[members-discuss] [ncc-announce] [news] RIPE NCC website becoming HTTPS-only

Hello Paul,

Dne 22.1.2015 v 16:48 Paul Civati napsal(a):
> 2. There have been far more security holes in https/TLS/SSL of recent
> than plain HTTP as far as I can tell.  Therefore I would say that https
> is less secure unless you have sensitive information to transport.

Do you have any citation on this? Given the fact that HTTPS is plain
HTTP with added TLS encryption layer, I cannot see any _technical_* way
it could be less secure than plain HTTP. All recent security holes
discovered in TLS could have been used only to view the plaintext, ie.
the same text that HTTP transmits openly.

*) OK there may be a social part of the problem that some well educated
users could share some confidental information using HTTPS but not HTTP.
But it's not the case here since as you pointed out, www.ripe.net is
mainly informational website with almost no personal or confidental data.


Best regards,

Ondřej Caletka
CESNET

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5580 bytes
Desc: Elektronicky podpis S/MIME
URL: <https://www.ripe.net/ripe/mail/archives/members-discuss/attachments/20150123/184b61b9/attachment.p7s>