Almost a year ago, I committed a patch to my browser that made it default to HTTPS. So when I enter foo.com, it goes directly to https://foo.com, instead of going to http://foo.com and “hoping” for a redirect.
I think today was the first time that this didn’t work. 🤔 A web server had misconfigured HTTPS, only HTTP worked.
@movq@uninformativ.de It’s pretty easy to get wrong honestly 😅 That is, it’s pretty easy to misconfigure a web server to do HTTP -> HTTPS redirects 🤣 and end up causing redirect loops 🙄
@movq@uninformativ.de Maybe… I mean I can’t think of any reason not to, things like minica basically make generating a CA and Certs essentially a breeze, so there’s no reason why browsers can’t just default to HTTPS – even for local development.
@abucci@anthony.buc.ci You are right, I often wonder how secure those Certificate Authorities (CA) really are in the first place and how much they can or cannot be trusted 😅
I do trust code like crypto/tls and minica though 👌
@prologic@twtxt.net @abucci@anthony.buc.ci The entire public key infrastructure is kinda a joke, tbh. Let’s Encrypt made HTTPS free, but in practice that mostly just means malware can be delivered securely to your PC. EV certs made a lot more sense, but Google had to deprecate those, VMC appears to be a potentially worthy replacement though.
A Verified Mark Certificate (VMC) is a digital certificate issued by a certificate authority that verifies logo ownership. Your logo must be a registered trademark before receiving a VMC. A VMC verifies that your organization is the legal owner of your brand logo. Using a logo with a VMC helps prevent spammers and other malicious users from …
Uggh that basically makes open source and hobbyist stuff impossible 😳
@abucci@anthony.buc.ci Me neither! 😢 Not unless you include my mug shot (face) 🤣
@prologic@twtxt.net It does, but EV was already just prohibitively expensive. It’s very hard for corporations to distinguish between malware authors and hobbyist developers, unfortunately.
@abucci@anthony.buc.ci Well in this case the problem is that corporations tend to make and control all the web browsers.