
Bloggers: Read this before moving to https - jjude
https://jjude.com/cost-of-https/
======
shakna
RSS 2.0 was specced in '02, if I have my dates right.

The web world has changed a fair bit in 12 years.

That the spec demands a protocol is hardly surprising, and I do wish that most
readers out there would allow other connection protocols, but as they mostly
don't, offering a part of your website over HTTP seems the only option.

To mitigate: Statically generate your RSS on each change. (If you use
something like Jekyll, a breeze, something like PHP, a pain in the ass).

In the long run?

We need RSS 3.0, as long as the big players don't compromise it or kill it,
but instead adopt it.

~~~
pvorb
Simply use Atom Syndication Format instead of RSS.

------
voyou
RSS 2.0 does actually allow HTTPS URLs[1]. The author of the blog post appears
to be misreading a StackOverflow comment which is specifically about
<enclosure> elements, which are the only URLs that the RSS spec restricts to
HTTP.

1: [http://www.rssboard.org/rss-
specification#comments](http://www.rssboard.org/rss-specification#comments)

------
x1798DE
This is obviously an issue, but I feel like this is a situation where you
should ignore that part of the spec or at worst offer an http-only alternate
version. When the spec is dangerously out of date like this, there's no reason
to fetishize compliance.

~~~
x1798DE
Also, a bit surprising he went with StartSSL. I thought they had a digital
death sentence because of the WoSign thing. Is that not accurate?

~~~
vurpo
Is there any reason at all to go with anything other than Let's Encrypt if
you're getting a cert for your personal blog?

------
Outpox
Concerning the link changes, couldn't the author have used the "//url.com"
format in order to avoid this issue in the first place?

