From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 102385 invoked by alias); 25 Apr 2016 13:20:23 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 102374 invoked by uid 89); 25 Apr 2016 13:20:22 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=4.1 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_THEBAT,SPF_SOFTFAIL autolearn=no version=3.3.2 spammy=H*UA:Bat!, H*x:Bat!, H*r:sk:postmas, H*UA:Home X-HELO: smtp.ht-systems.ru Received: from smtp.ht-systems.ru (HELO smtp.ht-systems.ru) (78.110.50.177) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Mon, 25 Apr 2016 13:20:12 +0000 Received: from [95.165.144.62] (helo=darkdragon.lan) by smtp.ht-systems.ru with esmtpa (Exim 4.80.1) (envelope-from ) (Authenticated sender: postmaster@rootdir.org) id 1augQl-0005oY-RS ; Mon, 25 Apr 2016 16:20:03 +0300 Received: from [192.168.1.10] (HELO daemon2.darkdragon.lan) by daemon2 (Office Mail Server 0.8.12 build 08053101) with SMTP; Mon, 25 Apr 2016 13:05:18 -0000 Date: Mon, 25 Apr 2016 17:41:00 -0000 From: Andrey Repin Reply-To: cygwin@cygwin.com Message-ID: <1591620976.20160425160517@yandex.ru> To: Adam Dinwoodie , cygwin@cygwin.com Subject: Re: Proposed patch for web site: update most links to HTTPS In-Reply-To: <20160425124332.GO2345@dinwoodie.org> References: <1074467721.20160425030008@yandex.ru> <48360918.20160425084918@yandex.ru> <20160425124332.GO2345@dinwoodie.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2016-04/txt/msg00593.txt.bz2 Greetings, Adam Dinwoodie! > Secure connections historically had a high overhead, sure, but that's > very rarely the case nowadays. Certainly my experince of loading the > Cygwin web page is that there's no perceptible difference between the > http and https versions. Adam Langley (a senior engineer at Google) > wrote an article back in 2010 about how TLS is now computationally > cheap[0]; it's only gotten cheaper since. Typical marketing bullshit. > [0]: https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html > See also https://istlsfastyet.com/, which has a lot of discussion about > the impacts of TLS, but the short answer is "yes". If YOUR experience was positive, mine was always negative, especially with cygwin.com, down to being forced to switch to plain HTTP to even load any page. > At the very least, the Cygwin website should be using protocol- > independent links, meaning users accessing the website using https > aren't switched to http when they click on a link That was my point, exactly. > (i.e. link to > "//cygwin.com/path/to/page" rather than "https://cygwin.com/..." or > "http://cygwin.com/..."). Just /path/to/page is enough. Even necessary considering cygwin.com is multi-domain site. > But I agree with Brian: the Cygwin website should use https everywhere > unless there's some good, specific reason why it's a bad idea. And "TLS is > slow" hasn't been a good reason for years. See above. -- With best regards, Andrey Repin Monday, April 25, 2016 16:01:59 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple