Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

One reason for these proposals was to put pressure on the SSL certificate ecosystem to provide (CAs) and adopt (hosting) automated SSL renewal practices. Businesses have had three years since Let's Encrypt first went live to adopt such practices, but many chose not to — not just hosting providers, but e.g. bigcorp load balancers too.


Guess what - not all websites are businesses. In fact not all websites are dynamically-generated so why the fsck do we all have to put up with this madness? Make HTTPS/SSL necessary for transactional sites but for simple static sites give me a break.


did you know there are ISPs out there that inject garbage code into the html of unprotected sites?

get out of here with this HTTPS is unnecessary tedium.


Better not do business with shady companies then.


or you could follow established best practices and secure your site with TLS.


Both. I am not responsible if you chose a shitty ISP.


But this makes no sense because the user has basically zero control of how their traffic is routed to/from you.

If we could trust the entire network we wouldn’t need TLS for any site.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: