Why no https?

Could someone enlighten me why root.cern.ch/ isn’t using https in 2014?

By the way - thanks to everyone for supporting such a great free and open project - I do not intend to complain about a grain of sand and disregard the beach.

(If there are plans to, I hope SHA >1!)

Many thanks

Ben

Hi Ben,

I see no problem with http in 2014 - if it carries no valuable information. I think (wow, that’s easily misunderstood :slight_smile:) that’s for instance the case for ROOT documentation and binaries.

We plan to go https for instance for the forum. Even now you can already browse it through http - what’s missing is a forward / rewrite from http to https.

In related news I found our links to the binaries using ftp problematic; many sites block it now. So this should go http in the near future :slight_smile:

Does that make sense?

Cheers, Axel.

Hi Axel

Thanks for the reply. A forward rewrite might be done via

eff.org/deeplinks/2014/11/c … entire-web

Worse ways to spend 20 minutes perhaps? :slight_smile:

Hi,

I know how to implement the rewrite :slight_smile:

And I take back what I said about “unimportant files”: if a third party modifies ROOT binaries (aka injects a trojan) served over http during flight nobody will notice. So even that should become https.

Alas I have too many good ways of spending 20 mins :frowning: We’ll get to it eventually.

Cheers, Axel.
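An added example, not part of the thread or of ROOT's own tooling: a small audit that lists download links on a page which would still be fetched over ftp or http, the two cases raised above where a modified binary would go unnoticed. The sample page, host names, file names and the suffix list are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Schemes that give no integrity protection in transit.
CLEARTEXT = {"http", "ftp"}
# Assumed set of binary/archive suffixes worth flagging; adjust to the site.
ARCHIVE_SUFFIXES = (".tar.gz", ".tgz", ".zip", ".dmg", ".exe", ".msi", ".deb", ".rpm")


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def cleartext_downloads(html, page_url):
    """Return (scheme, absolute_url) for each binary link fetched without TLS."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        # Relative links inherit the scheme of the page that carries them.
        absolute = urljoin(page_url, href)
        parts = urlsplit(absolute)
        if parts.scheme in CLEARTEXT and parts.path.lower().endswith(ARCHIVE_SUFFIXES):
            findings.append((parts.scheme, absolute))
    return findings


# Constructed sample page; hosts and file names are placeholders.
SAMPLE = """
<a href="ftp://downloads.example.org/root/root_v0.0.0.tar.gz">source</a>
<a href="http://downloads.example.org/root/root_v0.0.0.win32.exe">Windows</a>
<a href="https://downloads.example.org/root/root_v0.0.0.dmg">macOS</a>
<a href="/root/root_v0.0.0.rpm">RPM (relative)</a>
<a href="http://example.org/docs/index.html">docs</a>
"""

if __name__ == "__main__":
    for scheme, url in cleartext_downloads(SAMPLE, "http://example.org/download"):
        print(f"{scheme:5} {url}")
```

The relative link is only reported when the page itself is served over http, so the same check shows what a site-wide https redirect fixes and which absolute links still need editing by hand.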

Hi,

All of root.cern.ch is now https - thanks for your suggestion!

Next comes a “publicly accepted” certificate. That’s for January.

Cheers, Axel.

We now have a (publicly known) Comodo certificate installed.

Axel.

Great stuff, thanks Axel!