
We’ve Just Encrypted All of WIRED.com - CapitalistCartr
https://www.wired.com/2016/09/now-encrypting-wired-com/
======
edraferi
Might be better to look at their technical version:
[https://www.wired.com/2016/09/wired-completely-
encrypted/](https://www.wired.com/2016/09/wired-completely-encrypted/)

------
yashafromrussia
What are the challenges of migrating to https only protocol? I have done it
before, not on wired.com scale though. We use AWS and it's not that difficult
to start supporting https and have all http requests redirected to https. Can
someone explain why it took them a year to do this?

~~~
dogma1138
>not on wired.com scale

This is why, when you have a site the size of wired.com it's not a matter of
changing the binding on your webserver.

You need to go over the entire site including historic content to make sure
that all the links are HTTPS.

You need to go over the entire code of the website and make sure all the JS
requests are over HTTPS.

You need to make sure all the adds and 3rd party content you serve are over
HTTPS.

You need to make sure all of the SEO and tracking still works.

You need to make changes to the CMS and how you roll out content.

You need to adjust your CDN and scalability to support HTTPS.

You need to update your redirects, sitemaps, search and more importantly make
sure that you handle search engine redirects properly because it would be
probably months until the search engines update all the links.

You need to make sure all your syndicated and affiliated content over the past
few decades that is still linked somewhere will redirect properly.

This isn't a simple task, this is probably on the same level of complexity as
updating your CMS and URL structure while preserving all the historic content,
links, syndication, and search engine results.

------
anilgulecha
The big threats today in the DNS infra today are CAs, as shown recently by
WoSign/Start.

All an adversary needs to MITM is a temporary certificate which they feed on a
TUNNEL in the ISPs' network. That way only the target is served that
certificate, which is disposed off after use.

------
okket
No, you did not encrypt all of Wired. Just some data transfer to your clients.
Which may still be vulnerable to guess attacks since the content is public,
known and mostly static.

But at least it is now much, much harder to modify the content during
transfer, which is good.

------
laurent123456
They missed one:

    
    
        baseUrl: 'http://www.wired.com'

