Could someone enlighten me why root.cern.ch/ isn’t using https in 2014?

By the way - thanks to everyone for supporting such a great free and open project - I do not intend to complain about a grain of sand and disregard the beach.

(If there are plans to, I hope SHA >1!)

Many thanks

Ben

Hi Ben,

I see no problem with http in 2014 - if it carries no valuable information. I think (wow, that’s easily misunderstood that’s for instance the case for ROOT documentation and binaries.

We plan to go https for instance for the forum. Even now you can already browse it through http - what’s missing is a forward / rewrite from http to https.

In related news I found our links to the binaries using ftp problematic; many sites block it now. So this should go http in the near future

Does that make sense?

Cheers, Axel.

Hi Axel

Thanks for the reply. A forward rewrite might be done via

eff.org/deeplinks/2014/11/c … entire-web

Worse ways to spend 20 minutes perhaps?

Hi,

I know how to implement the rewrite

And I take back what I said about “unimportant files”: if a third party modifies ROOT binaries (aka injects a trojan) served over http during flight nobody will notice. So even that should become https.

Alas I have too many good ways of spending 20 mins We’ll get to it eventually.

Cheers, Axel.

Hi,

All of root.cern.ch is now https - thanks for your suggestion!

Next comes a “publicly accepted” certificate. That’s for January.

Cheers, Axel.

We now have a (publicly known) Comodo certificate installed.

Axel.

Great stuff, thanks Axel!