Hacker News new | ask | show | jobs
Paulgraham.com doesn't use SSL Certificate? (paulgraham.com)
7 points by adychandra 1862 days ago
10 comments
Nicksil 1862 days ago
Ask HN: Why Isn't Paulgraham.com on HTTPS? https://news.ycombinator.com/item?id=25214264

Paul Graham still does not offer HTTPS on his site https://news.ycombinator.com/item?id=23059825

Ask HN: Why Doesn't Paul Graham Get a SSL Certificate? https://news.ycombinator.com/item?id=24351945

Why doesn't pg use HTTPS on his site? https://news.ycombinator.com/item?id=27065639

link
thesimon 1862 days ago
No

https://crt.sh/?q=paulgraham.com

link
caseyscottmckay 1862 days ago
Does it need it? All the site does is show you text.
link
Sohcahtoa82 1862 days ago
Yes, static sites still need HTTPS. Troy Hunt explains it well:

https://www.troyhunt.com/heres-why-your-static-website-needs...

link
dvfjsdhgfv 1862 days ago
N-gate has done a good job of debunking these arguments (google for "Discourse on HTTPS n-gate").
link
netflixandkill 1862 days ago
I used to be of this opinion but enough ISPs and other intermediaries will happily MITM http (and DNS) if they can to inject ads or redirects to affiliates.

With modern hardware and letsencrypt, getting SSL going is about close to free and less effort than what most "just text" sites do for their content.

link
wayneftw 1862 days ago
One thing that I don't like about unsecure sites is that, depending on the ISP or Wifi access point, they might inject things into the stream.
link
halfdan 1862 days ago
Yes, because not having it will still leave your browsing on that site succeptible to MITM attacks.
link
_6mdd 1862 days ago
>Does it need it?

Yes. It's that simple.

link
adydaddy 1862 days ago
Then why investor due diligence teams ask for ssl , policies around SSL, if this is not important?
link
mattmanser 1862 days ago
Protecting form data, ajax, etc which the site doesn't really have.

SSL can also stop your ISP infecting content, but if they're doing that you've got a crap ISP.

link
dmingod666 1862 days ago
Can't access on the phone, chrome shows a safety screen (probably can bypass it)
link
adychandra 1862 days ago
but still my only submission is that if SSL is one of criteria;s in all Due dils, then how it would be difficult to add one PG;s site? or why to make such a big fuss around it?
link
benmmurphy 1862 days ago
it looks like it is vhosted with store.yahoo.com

his site is probably only meant to serve HTTP but gets HTTPS with the wrong cert because of the vhosting of the other site.

link
adydaddy 1862 days ago
It is supposedly integrated with Yahoo store although defunct and has a search text box as well.
link
diogenesjunior 1862 days ago
Of course it gets flagged
link
adychandra 1862 days ago
umm interesting. reading threads nick you have shared.
link