
Sure but as a server operator, who cares? I already have zero trust in the client and it's not my job to punish the user for not being secure enough. If they get pwned, that's their problem.

Unless I'm at work where there's compliance checkboxes to disallow old SSL versions I'll take whatever you have.



If you serve insecurely, that means allowing downgrade attacks and malware injection for clients who are trying to do the right thing.

At least if you use HTTP it is blatantly insecure.



