by phkamp 4070 days ago
"Should we use HTTPS" is very much a closed question, and for a lot of sites the answer is a resounding "NO".

The fact that you might not use those sites doesn't mean that we who deliver tools for them can just ignore them, or even worse, impose our political agenda on them.

You can do HTTPS with Varnish if you want to, but you'll have to do it with the architecturally and security-wise most sensible configuration: with an SSL-terminating proxy in front of Varnish.

And again: Talk to your legislators about people's right to privacy, I'm just pointing out that such laws exist, I'm not writing them (or for that matter agreeing with them.)

1 comments

In places like jails, schools, and libraries (where the owner can add a compromised CA cert and users don't have permissions to remove it) it's entirely possible to MITM and decrypt all TLS traffic, so I don't get why you're still arguing as if that wasn't the case.

While the long tail of sites isn't on HTTPS yet, the most popular ones are HTTPS-only already, and the result is that in Chrome HTTPS sites are browsed more often than HTTP sites:

https://plus.google.com/+IlyaGrigorik/posts/7VSuQ66qA3C