A user account is required in order to edit this wiki, but we've had to disable public user registrations due to spam.

To request an account, ask an autoconfirmed user on Chat (such as one of these permanent autoconfirmed members).

TLS: Difference between revisions

From WHATWG Wiki
Jump to navigation Jump to search
No edit summary
 
(5 intermediate revisions by the same user not shown)
Line 4: Line 4:
* Protection of end user credentials
* Protection of end user credentials
* Increased confidentiality (not perfect; domain is leaked, traffic analysis can still tell a great deal)
* Increased confidentiality (not perfect; domain is leaked, traffic analysis can still tell a great deal)
* Service workers
* Access to new platform features
** Service workers
** Push API
** Subresource Integrity
** [https://html.spec.whatwg.org/multipage/forms.html#dom-form-requestautocomplete requestAutocomplete()]
** WebRTC (maybe)
** Web Crypto (only Chrome requires TLS for now)
** Hopefully getUserMedia() and geolocation down the line (mistakenly allowed, will probably have non-TLS deprecation period before disabling there)
* [http://www.infoq.com/articles/Web-Sockets-Proxy-Servers Reduced problems with proxy traversal]
* [http://www.infoq.com/articles/Web-Sockets-Proxy-Servers Reduced problems with proxy traversal]
* [https://www.tbray.org/ongoing/When/201x/2012/12/02/HTTPS Tim Bray on why privacy should be on by default]
* [https://www.tbray.org/ongoing/When/201x/2012/12/02/HTTPS Tim Bray on why privacy should be on by default]
Line 10: Line 17:
* [https://indiewebcamp.com/HTTPS#Why Indie Web Camp on HTTPS]
* [https://indiewebcamp.com/HTTPS#Why Indie Web Camp on HTTPS]
* [https://konklone.com/post/switch-to-https-now-for-free How to switch to HTTPS for free]
* [https://konklone.com/post/switch-to-https-now-for-free How to switch to HTTPS for free]
* [https://wiki.mozilla.org/Security/Server_Side_TLS Mozilla recommended server configurations]


== HSTS ==
== HSTS ==


* [https://annevankesteren.nl/2014/09/tls-hsts TLS: deploy HSTS] TL;DR without HSTS your TLS deployment is not worth much
* [https://annevankesteren.nl/2014/09/tls-hsts TLS: deploy HSTS] TL;DR without HSTS your TLS deployment is not worth much
* https://www.eff.org/deeplinks/2014/02/websites-hsts

Latest revision as of 08:21, 15 October 2014

TLS

HSTS