by castell 3575 days ago
I am with you. In many use cases HTTP 1 is fine. And as we have seen with the Heartbleed bug, if you cannot devote resources to keep your HTTPS up-to-date all the time 24x7, it makes your server and the user sessions more insecure. And often providing HTTP and HTTPS makes sense too. So I am against labeling HTTP as "evil" or legacy. We should look at who has an interest in doing just that, and why they are forming initiatives. Besides all that, pretty much all ad-networks serve HTTP ads, so if you want to lose much of your ad revenue, please go with the HTTPS-only route and face the real world surprise.