Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
BIND
BIND
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 627
    • Issues 627
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 116
    • Merge Requests 116
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI/CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source Projects
  • BINDBIND
  • Issues
  • #1032

Closed
Open
Created May 15, 2019 by Timothe Litt@tlhackque

http URLs should be replaced by httpS where possible in sources, documentation

The README discussion in #1029 caused me to look more closely at the file than usual.

There are at least 4 instances of http: URIs that should be https:

There are quite a few http: URIs in the doc tree as well - but you can't do a global substitution. For example, there are references to the statistics channel, which does not support SSL/TLS. Except for those special cases, pretty much everyone supports https: - for security, for search engine ranking, to avoid browser warnings. And because it's now best practice.

Most of the http: URIs redirect to https: (including the Mozilla license and the XSL schemas), but this doesn't prevent MITM issues.

Of course these aren't financially or privacy sensitive references, but knowing ISC's interest in internet hygiene, I thought I should point them out.

In the medium-long term http is being defacto deprecated. (None of my external-facing sites have responded to http: for years...which until recently, dramatically cut down on the unwanted probes.)

Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None