by naf77
1980 days ago
HTTPS only is a "Fail Closed" system, i.e. it blocks access in case of failure. This is safe for the general population. HTTPS/HTTP mixed support is a "Fail Open" system, i.e. it allows (unencrypted) access in case of failure. This is unsafe for the general population, see QUANTUM (above).

In the same way, HTTPS only, *requiring* a system that "fails open", is bad for the general population. HTTP+HTTPS, yes, definitely. HTTPS only, no, only for sites and contexts where the rigid security is justified.