Den 23.01.2015 09:24, skrev Ondřej Caletka:
Hello Paul,
Dne 22.1.2015 v 16:48 Paul Civati napsal(a):
2. There have been far more security holes in https/TLS/SSL of recent than plain HTTP as far as I can tell. Therefore I would say that https is less secure unless you have sensitive information to transport. Do you have any citation on this?
Not trying to start an off-topic discussion, but: If you browse the web for security vulnerabilities in TLS/encryption-software you will clearly find a lot of matches. Some even extremely critical. Therefore, any service imlementing encryption will have more security holes than if it did not implement encryption. This is unquestionable. When it comes to being less secure, I agree that it would be correct to state that a non-sensitive site will be less secure with encryption enabled simply because there is no security gain in supporting encryption - but you do however get added security holes. In the mail from RIPE they say that they are adding SSO, so the site will eventually become sensitive and therefore need TLS.