HTTP should be banned in favor of HTTPS with self signed certificates IMO. And a sweet addition to this would be to present a JavaScript API which can access the digital fingerprint of the key the server used:
GetFingerprint(domain) => string // where domain is a domain that has been accessed by the current page.
well excuse me, some of us are making money on the web.
plz go back to writing toy LISP interpreters in HASKELL and leave me alone. Maybe for your next project you could build a HASKELL to LISP compiler? One that runs on PLAN9 exclusively?
Name:
Anonymous2014-12-09 13:38
well excuse me, some of us are making money on the academia.
plz go back to writing toy LUA interpreters in JAVASHIT and leave me alone. Maybe for your next project you could build a JAVASHIT to RUBY compiler? One that runs on CHROME exclusively?
CAs are almost useless, so self-signed certs are the only reasonable way to go. The validation should be done with web of trust a la PGP, this is the only reliable way.
HTTPS itself is, in many cases, analyzable, and in many others, already broken. It's not the panacea for security and privacy that many people (who don't know much about these protocols nor crypto) thinks. Using TLS for everything is a waste of energy.
Also, todays WWW is pretty disgusting: making everything a WEB APP that uses tens of javashit libraries and languages that compiles to javashit, using jewson restful apis everywhere, putting all ur shit in thousands of cdns, tracking everybody, all your data on le cloud, analyzing users with poor ML algorithms and delivering ``special content'' based on its results. So why do you want to encrypt anything? The Antichrist is here /prog/, and you can not escape!
>>7 The internet apocalypse is truly here. And to think, this is how people choose to use the internet. This is how people use the technology mankind has developed.