Hi,
as I am regularly forced to use an untrusted, unencrypted network, I don't feel fine using unencrypted HTTP to connect to Deskthority. Using an SSH-Tunnel or VPN isn't always an option, so it would be very nice if it was possible to reach Deskthority over HTTPS. I would think that a certificate signed by CACert should be sufficient, to avoid the cost of a signed certificate.
I'd be very happy if you implemented this!
Deskthority over HTTPS?
-
bhtooefr
- Location: Newark, OH, USA
- Main keyboard: TEX Shinobi
- Main mouse: TrackPoint IV
- Favorite switch: IBM Selectric (not a switch, I know)
- DT Pro Member: 0056
- Contact:
StartSSL also does free certificates that would be sufficient.
-
bhtooefr
- Location: Newark, OH, USA
- Main keyboard: TEX Shinobi
- Main mouse: TrackPoint IV
- Favorite switch: IBM Selectric (not a switch, I know)
- DT Pro Member: 0056
- Contact:
Manual trust isn't a good policy except for a private site.
-
bhtooefr
- Location: Newark, OH, USA
- Main keyboard: TEX Shinobi
- Main mouse: TrackPoint IV
- Favorite switch: IBM Selectric (not a switch, I know)
- DT Pro Member: 0056
- Contact:
But others may stumble on an https link and NOT be aware.
-
bhtooefr
- Location: Newark, OH, USA
- Main keyboard: TEX Shinobi
- Main mouse: TrackPoint IV
- Favorite switch: IBM Selectric (not a switch, I know)
- DT Pro Member: 0056
- Contact:
Yes, you can host both (my server has a valid certificate and hosts both), but let's say that one of the users is used to using the SSL site. They copy a link to a post, and paste it somewhere.
Now, a user is getting directed to the SSL site, and gets the certificate error from their browser.
See the problem?
And, it's free and easy to do it right, so why not do it right?
Now, a user is getting directed to the SSL site, and gets the certificate error from their browser.
See the problem?
And, it's free and easy to do it right, so why not do it right?
-
webwit
- Wild Duck
- Location: The Netherlands
- Main keyboard: Model F62
- Favorite switch: IBM beam spring
- DT Pro Member: 0000
- Contact:
It would be an interesting experiment to do it all over https. CPU capacity is not a problem any more with https, but there's still the extra negotiating. This means that in order for the site to remain fast, it must be optimized to make as little https requests as possible. So, example, you don't load 1 page + 1 css + 10 images, but 1 page + 1 css with base64 encoded images or one css sprite, reducing the number of requests. Also, there's the problem with mixed content. All in all, it's an effort for which we simply don't have the required amount of manpower on a hobby forum at this point of time.
-
webwit
- Wild Duck
- Location: The Netherlands
- Main keyboard: Model F62
- Favorite switch: IBM beam spring
- DT Pro Member: 0000
- Contact:
Not if done well. But that takes effort. The only really secure way to do https is to do it all the way.
-
Icarium
- Location: Germany
- Main keyboard: These fields just
- Main mouse: opened my eyes
- Favorite switch: I need to bring stuff to work
- DT Pro Member: -
Wow, people really optimize the number of requests? Can't you just set it up in a straightforward way and if somebody thinks it is too slow they can just use the regular kind?
-
sirtetris
- Location: germany
- Main keyboard: poker
- Favorite switch: mx blue
- DT Pro Member: -
- Contact:
Just want to add that I'd appreciate being able to connect with ssl, too.