A user account is required in order to edit this wiki, but we've had to disable public user registrations due to spam.
To request an account, ask an autoconfirmed user on Chat (such as one of these permanent autoconfirmed members).
TLS: Difference between revisions
Jump to navigation
Jump to search
(→TLS) |
(→HSTS) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 17: | Line 17: | ||
* [https://indiewebcamp.com/HTTPS#Why Indie Web Camp on HTTPS] | * [https://indiewebcamp.com/HTTPS#Why Indie Web Camp on HTTPS] | ||
* [https://konklone.com/post/switch-to-https-now-for-free How to switch to HTTPS for free] | * [https://konklone.com/post/switch-to-https-now-for-free How to switch to HTTPS for free] | ||
* [https://wiki.mozilla.org/Security/Server_Side_TLS Mozilla recommended server configurations] | |||
== HSTS == | == HSTS == | ||
* [https://annevankesteren.nl/2014/09/tls-hsts TLS: deploy HSTS] TL;DR without HSTS your TLS deployment is not worth much | * [https://annevankesteren.nl/2014/09/tls-hsts TLS: deploy HSTS] TL;DR without HSTS your TLS deployment is not worth much | ||
* https://www.eff.org/deeplinks/2014/02/websites-hsts |
Latest revision as of 08:21, 15 October 2014
TLS
- Integrity of content (no tampering possible)
- Protection of end user credentials
- Increased confidentiality (not perfect; domain is leaked, traffic analysis can still tell a great deal)
- Access to new platform features
- Service workers
- Push API
- Subresource Integrity
- requestAutocomplete()
- WebRTC (maybe)
- Web Crypto (only Chrome requires TLS for now)
- Hopefully getUserMedia() and geolocation down the line (mistakenly allowed, will probably have non-TLS deprecation period before disabling there)
- Reduced problems with proxy traversal
- Tim Bray on why privacy should be on by default
- HTTPS is a ranking signal for Google
- Indie Web Camp on HTTPS
- How to switch to HTTPS for free
- Mozilla recommended server configurations
HSTS
- TLS: deploy HSTS TL;DR without HSTS your TLS deployment is not worth much
- https://www.eff.org/deeplinks/2014/02/websites-hsts