Hacker News new | past | comments | ask | show | jobs | submit login

> Oh, so you know better than me what kind of content is on my site? So a static site with my resume needs SSL then to protect the other users?

Without TLS how do YOU know that the user is receiving your static resume. Any MitM can tamper with the connection and replace your content with something malicious. With properly configured TLS that's simply not possible (with the exception you describe in corporate settings where BlueCoat's cert has to be added to the machine's trust store in order for that sniffing to be possible). Hopefully in the future even that wont be possible.

And web servers can even detect TLS MITM: https://caddyserver.com/docs/mitm-detection

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact