As Jonesy noted, it appears that 3830scores.com does not have a SSL/TLS
certificate set up from a certificate signing authority. Thus, the
connection uses HTTP instead of HTTPS, or ignores it and continues with
HTTPS.
HTTPS provides a couple of things considered valuable:
1. A certificate traceable to a known authority signing the connection
to know you are communicating with the site you think you are.
2. The connection traffic is encrypted, so if someone is snooping on
your connection, they cannot see what is being sent in either direction.
With HTTP (or unsigned HTTPS), the domain name system is expected to give
you the correct IP address for 3830scores.com -- 172.236.236.74 (or
2a01:7e03::2000:a7ff:fe0d:261f for IPv6). You also expect that network
routing has not been messed with and that you are actually connected to the
real site, and not an imposter. Both have some risk, but for the purposes
of recording or looking up a contest score, the risk is probably quite
small.
The U.S. government a few years ago required all government sites be
"secure" using https. That means that if I want to look up the temperature
at my nearby airport, I have to make a secure connection. If my computer
software / browser is too old to use the minimum required transport layer
security (TLS) level, I cannot do this. When weaknesses are found in a
version of the secure protocols, new versions of the protocol and software
are created. This forces upgrading browsers and other security software on
our computers. In many cases our old computers cannot run a sufficiently
new operating system (required by the new browsers). ( Yes, I have an
otherwise perfectly good computer that has aged out in this way. )
Many providers now only operate with secure connections. Thus if I want to
watch a cat video, I need secure validation of the connection, and
encryption of the video data. There are many types of connections and
transmissions that do not need secure, encrypted transmission, and I should
be able to use HTTP and avoid the TLS overhead if I want.
As Jonesy noted, there are types of communications where security is
required.
If the network connection is over amateur radio, in almost all cases
encryption is illegal, so making a https connection over an amateur radio
link is prohibited. (And, no, I don't think this should be changed.)
Enough rambling?
Alan
_______________________________________________
VHFcontesting mailing list
VHFcontesting@contesting.com
http://lists.contesting.com/mailman/listinfo/vhfcontesting
|