On 19.08.21 21:48, Paul Gevers wrote:
On 19-08-2021 21:46, Simon Richter wrote:For the most part, users would configure https if they are behind a corporate firewall that disallows http, or modifies data in-flight so signature verification fails, everyone else is better off using plain http.Except for the security archive, where https can prevent a man-in-the-middle from serving you outdated information and thus deprive you from updates.
For a week until Valid-Until expires. Note that the denial of service equally works for HTTPS, it's just more noisy.
Kind regards Philipp Kern