A user account is required in order to edit this wiki, but we've had to disable public user registrations due to spam.
To request an account, ask an autoconfirmed user on Chat (such as one of these permanent autoconfirmed members).
TLS: Difference between revisions
Jump to navigation
Jump to search
(→TLS) |
(→TLS) |
||
| Line 4: | Line 4: | ||
* Protection of end user credentials | * Protection of end user credentials | ||
* Increased confidentiality (not perfect; domain is leaked, traffic analysis can still tell a great deal) | * Increased confidentiality (not perfect; domain is leaked, traffic analysis can still tell a great deal) | ||
* Service workers | * Access to new platform features | ||
* Web Crypto (only Chrome requires TLS for now) | ** Service workers | ||
** Push API | |||
** Subresource Integrity | |||
** [https://html.spec.whatwg.org/multipage/forms.html#dom-form-requestautocomplete requestAutocomplete()] | |||
** WebRTC (maybe) | |||
** Web Crypto (only Chrome requires TLS for now) | |||
** Hopefully getUserMedia() and geolocation down the line (mistakenly allowed, will probably have non-TLS deprecation period before disabling there) | |||
* [http://www.infoq.com/articles/Web-Sockets-Proxy-Servers Reduced problems with proxy traversal] | * [http://www.infoq.com/articles/Web-Sockets-Proxy-Servers Reduced problems with proxy traversal] | ||
* [https://www.tbray.org/ongoing/When/201x/2012/12/02/HTTPS Tim Bray on why privacy should be on by default] | * [https://www.tbray.org/ongoing/When/201x/2012/12/02/HTTPS Tim Bray on why privacy should be on by default] | ||
Revision as of 08:52, 25 September 2014
TLS
- Integrity of content (no tampering possible)
- Protection of end user credentials
- Increased confidentiality (not perfect; domain is leaked, traffic analysis can still tell a great deal)
- Access to new platform features
- Service workers
- Push API
- Subresource Integrity
- requestAutocomplete()
- WebRTC (maybe)
- Web Crypto (only Chrome requires TLS for now)
- Hopefully getUserMedia() and geolocation down the line (mistakenly allowed, will probably have non-TLS deprecation period before disabling there)
- Reduced problems with proxy traversal
- Tim Bray on why privacy should be on by default
- HTTPS is a ranking signal for Google
- Indie Web Camp on HTTPS
- How to switch to HTTPS for free
HSTS
- TLS: deploy HSTS TL;DR without HSTS your TLS deployment is not worth much