This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[members-discuss] [ncc-announce] [news] RIPE NCC websitebecoming HTTPS-only
- Previous message (by thread): [members-discuss] [ncc-announce] [news] RIPE NCC website becoming HTTPS-only
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jørgen Hovland
jorgen at ssc.net
Fri Jan 23 10:24:18 CET 2015
Den 23.01.2015 09:24, skrev Ondřej Caletka: > Hello Paul, > > Dne 22.1.2015 v 16:48 Paul Civati napsal(a): >> 2. There have been far more security holes in https/TLS/SSL of recent >> than plain HTTP as far as I can tell. Therefore I would say that https >> is less secure unless you have sensitive information to transport. > Do you have any citation on this? Not trying to start an off-topic discussion, but: If you browse the web for security vulnerabilities in TLS/encryption-software you will clearly find a lot of matches. Some even extremely critical. Therefore, any service imlementing encryption will have more security holes than if it did not implement encryption. This is unquestionable. When it comes to being less secure, I agree that it would be correct to state that a non-sensitive site will be less secure with encryption enabled simply because there is no security gain in supporting encryption - but you do however get added security holes. In the mail from RIPE they say that they are adding SSO, so the site will eventually become sensitive and therefore need TLS.
- Previous message (by thread): [members-discuss] [ncc-announce] [news] RIPE NCC website becoming HTTPS-only
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]