I used to be of this opinion but enough ISPs and other intermediaries will happily MITM http (and DNS) if they can to inject ads or redirects to affiliates.
With modern hardware and letsencrypt, getting SSL going is about close to free and less effort than what most "just text" sites do for their content.
but still my only submission is that if SSL is one of criteria;s in all Due dils, then how it would be difficult to add one PG;s site? or why to make such a big fuss around it?
20 comments
[ 4.4 ms ] story [ 53.0 ms ] threadWith modern hardware and letsencrypt, getting SSL going is about close to free and less effort than what most "just text" sites do for their content.
https://www.troyhunt.com/heres-why-your-static-website-needs...
Yes. It's that simple.
SSL can also stop your ISP infecting content, but if they're doing that you've got a crap ISP.
https://crt.sh/?q=paulgraham.com
his site is probably only meant to serve HTTP but gets HTTPS with the wrong cert because of the vhosting of the other site.
Paul Graham still does not offer HTTPS on his site https://news.ycombinator.com/item?id=23059825
Ask HN: Why Doesn't Paul Graham Get a SSL Certificate? https://news.ycombinator.com/item?id=24351945
Why doesn't pg use HTTPS on his site? https://news.ycombinator.com/item?id=27065639
http://n-gate.com/software/2017/