Conversation:

Notices

1. MMN-o ✅⃠ (mmn)'s status on Saturday, 07-Jan-2017 07:42:15 EST MMN-o ✅⃠

   Remote profile options...

   • rugk
   @rugk Supporting both HTTP and HTTPS would be terrible because that defeats the purpose of HTTPS. However, allowing upgrades from HTTP to HTTPS is something I've already put some code in place for but it doesn't seem to reach quite all the way yet. The reason it's a problem is that the web (as in how it's defined by the W3C) uses URIs and these URIs cannot change becau…
   • MMN-o ✅⃠ (mmn)'s status on Saturday, 07-Jan-2017 08:01:17 EST MMN-o ✅⃠

     Remote profile options...

     • rugk
     @rugk ...not really. That's a hack that web browsers implement that says "use the same protocol as is currently in use". If I host something on an HTTP server it would be inaccessible for anyone on HTTPS if it said "//example.com" (because having the TLS overhead is sometimes just annoying if all you want is to publish an Atom feed). I agree that HTTPS should be used a…
   • MMN-o ✅⃠ (mmn)'s status on Saturday, 07-Jan-2017 08:04:10 EST MMN-o ✅⃠

     Remote profile options...

     • rugk
     @rugk Generally, !GNUsocial is a public network with public posts, so there's nothing you need to hide (and if you do have something to hide, create a pseudonym on a generic server via Tor Browser).
     Integrity and authorship is checked with methods that do not require HTTPS.
   • MMN-o ✅⃠ (mmn)'s status on Saturday, 07-Jan-2017 11:10:26 EST MMN-o ✅⃠

     Remote profile options...

     • rugk
     @rugk HTTPS still requires a lot if it's supposed to fill any purpose.If you use HTTPS without making sure it's up to strict standards then any properly validating HTTPS client will still be unable to communicate with you (say, if you're using SSL instead of TLS or reusing your private key since forever because It Still Sort Of Just Works And It's Way Too Messy To Change(tm).)