Jach's personal blog

(Largely containing a mind-dump to myselves: past, present, and future)
Current favorite quote: "Supposedly smart people are weirdly ignorant of Bayes' Rule." William B Vogt, 2010


Finally got off my butt and used Let's Encrypt to add an HTTPS cert to this domain. Woot!

Non-HTTPS links should redirect to HTTPS ones, but this may change in the future if for some odd reason I think it should.

Posted on 2017-04-08 by Jach

Tags: fodder


Trackback URL:

Back to the top

Anonymous June 17, 2017 02:20:59 PM Is good now you can have HTTPS. However, HSTS is bad. HPKP is a good idea but they should not implement "no-user-recourse" (but I do have ideas of an alternative which gives the user additional options), and should not implement automatic reporting (only must be if selected by user).
Jach June 17, 2017 02:57:22 PM I don't send the HSTS header, I just do it old school with a redirect. :) The HSTS doesn't seem like a bad idea in addition though, apart from needing to make sure subdomains are covered. Why do you think it's bad? Do you not like the risk that when the cert expires, if it hasn't been updated then browsers will freak out?
Back to the first comment

Comment using the form below

(Only if you want to be notified of further responses, never displayed.)

Your Comment:

LaTeX allowed in comments, use $$\$\$...\$\$$$ to wrap inline and $$[math]...[/math]$$ to wrap blocks.