| ▲ | adiabatichottub 2 hours ago | |||||||
> It also helps technically. If you want to make a tiny web server, like on a microcontroller, encryption is the hardest part. > Two problems remain with the lack of encryption, first is authenticity. Anyone can man-in-the-middle and change the web page, TLS prevents that. But what I think is an even better solution is to do it at the content level: sign the content, like a GPG signature, not the server, this way you can guarantee the authenticity of the content, no matter where you are getting it from. If your microcontroller can't do TLS then it probably won't do GPG either. But you can still serve HTTP content on port 80 if you need to support plaintext. I believe a lot of package distribution is still over HTTP. Edit: Sorry, missed the web server part somehow and was thinking of a microcontroller based client. > In addition, TLS comes with expiring certificates, requiring regular maintenance, you can't just have your server and leave it alone for years, still working. It can also bring back simple caching proxies, great for poor connectivity. Yeah, TLS and DNS are the two of the biggest hurdles to a completely distributed Internet. Of course you go down that road and you get IPFS, which sounds cool to me, but doesn't seem to have ever taken off. | ||||||||
| ▲ | zzo38computer 2 hours ago | parent [-] | |||||||
> If your microcontroller can't do TLS then it probably won't do GPG either. It is not a problem if you are only serving static files. | ||||||||
| ||||||||