Dave Winer publishes a piece about why HTTPS is “expensive security theater”. For whatever reason, I can’t sign onto Twitter to respond (his site hangs on a node2.1999.io call to a non-standard port, so who knows what’s going on there), so I thought I’d at least do so here. He says…
You don’t actually need to move your site at all. Use CloudFront to handle SSL for you. Get a certificate, upload it to Amazon, change the DNS of scripting.com to point to your CloudFront distro. Job done. It’s not expensive to do that: it’s the cost of a cert and not much more in terms of traffic. The “trade-off” is that the site will run faster; though another trade-off is that everything will be cached, which does mean you need to work harder at avoiding that when you’ve made changes to the files.
The bottom line: it’s not expensive, it’s relatively easy to do, and it works.
My RSS feed is there. God knows how many bots are reading it every five seconds.
You don’t have to move it. You don’t even need to retire the http version. Google will probably index the https version once it knows there’s one there, but that’s all.
And many RSS readers don’t deal properly with HTTPS over SNI, as another gotcha.
Frankly if the Chinese want to add or remove stuff from my blog, go ahead, have a party. I’m sure they don’t care. Honestly, I don’t care either.
I changed over to HTTPS because I’d seen hotspots fiddle with the advertising on my site; other mobile networks mess with images and make them look ugly; and other strange interventions done without my consent to my work. I didn’t like it, so I switched.
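A way to spot that kind of in-transit rewriting on a plain-HTTP page, as an added example that is not part of the original post: compare a reference copy of the page (fetched over HTTPS from a network you trust) with the copy received over HTTP on the suspect network. The two sample pages and the hostnames in them are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser


class _Refs(HTMLParser):
    """Collect (tag, url) pairs for elements that pull in external content."""
    WATCHED = {"script": "src", "iframe": "src", "img": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.refs = set()

    def handle_starttag(self, tag, attrs):
        attr = self.WATCHED.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            self.refs.add((tag, url))


def external_refs(html):
    parser = _Refs()
    parser.feed(html)
    parser.close()
    return parser.refs


def compare(reference, observed):
    """Report what changed between the trusted copy and the copy seen on the wire."""
    ref, obs = external_refs(reference), external_refs(observed)
    same = (hashlib.sha256(reference.encode()).digest()
            == hashlib.sha256(observed.encode()).digest())
    return {"identical": same,
            "injected": sorted(obs - ref),   # resources the origin never sent
            "removed": sorted(ref - obs)}    # resources rewritten or stripped


# Constructed sample: the page as the origin serves it ...
REFERENCE = """<html><body><h1>Post</h1>
<img src="/img/photo.jpg">
<script src="/js/site.js"></script></body></html>"""
# ... and as it arrives after a middlebox recompresses images and adds a script.
OBSERVED = """<html><body><h1>Post</h1>
<img src="http://proxy.example/recompress?u=/img/photo.jpg">
<script src="/js/site.js"></script>
<script src="http://ads.example/inject.js"></script></body></html>"""

if __name__ == "__main__":
    print(compare(REFERENCE, OBSERVED))
```

A byte-level hash mismatch alone can come from legitimate dynamic content, which is why the report lists the added and removed resource references separately.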