Editing 2634: Red Line Through HTTPS

{{comic
| number    = 2634
| date      = June 17, 2022
| title     = Red Line Through HTTPS
| image     = red_line_through_https.png
| titletext = Some organization has been paying to keep this up and it hasn't been removed from search results. Seems like two votes of confidence to me.
}}

==Explanation==
{{incomplete|Created by a RECURSIVE REDLINE - Please change this comment when editing this page. Do NOT delete this tag too soon.}}

The titular Red Line Through HTTPS means that the site is using basic HTTP. Theoretically, this is insecure, and leaves one open to MITM attacks.

However, HTTPS is very much the default these days. Any site which still uses HTTP must thus be old, and must have existed before the modern proliferation of AI-generated spam sites. Thus, the red line paradoxically indicate reliability

==Transcript==
{{incomplete transcript|Do NOT delete this tag too soon.}}
:[White Hat sits at a desk facing his laptop with Cueball standing behind him looking over his shoulder.]
:White Hat: What does the red line through https mean?
:Cueball: Oh, just that the site hasn't been updated since 2015 or so.
:Cueball: And since it's been around that long it means it's probably legit.


{{comic discussion}}
@@ Line 8: / Line 8: @@
 ==Explanation==
+{{incomplete|Created by a RECURSIVE REDLINE - Please change this comment when editing this page. Do NOT delete this tag too soon.}}
-This comic pokes fun at the lack of security implied by an unverified {{w|https}} connection as implied by the "red line through  (<span style="color:red"><s>https</s></span>)". https is an extension to the http protocol which (among other things) verifies that the server owns the domain name. “Insecure” https is usually caused by invalid TLS certificates, which can be an indication that an attacker is intercepting the connection (the attacker doesn’t have access to the certificates). However reasons for “insecure” https are often caused by benign reasons:
+The titular Red Line Through HTTPS means that the site is using basic HTTP. Theoretically, this is insecure, and leaves one open to MITM attacks.
-* The certificates expired, and the site maintainers have not asked for new certificates.
+However, HTTPS is very much the default these days. Any site which still uses HTTP must thus be old, and must have existed before the modern proliferation of AI-generated spam sites. Thus, the red line paradoxically indicate reliability
-* The certificates are self-signed by the owners.
-* The client has an outdated list of CA certificates.
-A comprehensive list of reasons associated with server misconfigurations can be found on [https://badssl.com/ badssl].
-Although a lack of the https protocol in a web process does allow for third party tampering and deception, it also implies that the site is rather old; and, if it has been maintained for this long, it is probably not malicious, as most malicious sites are either reported and taken down or allowed to become defunct by their operators after a short amount of time.
-The title text essentially explains the joke, noting that maintaining a website costs money and that there are regulatory agencies responsible for taking down sketchy domains, and so if a website is still up despite these obstacles, it is probably trustworthy.
-A similar question was asked on [[1256: Questions]].
 ==Transcript==
-:[White Hat is sitting in an office chair at his desk facing his laptop while Cueball is standing behind him looking over his shoulder.]
+{{incomplete transcript|Do NOT delete this tag too soon.}}
+:[White Hat sits at a desk facing his laptop with Cueball standing behind him looking over his shoulder.]
 :White Hat: What does the red line through https mean?
 :Cueball: Oh, just that the site hasn't been updated since 2015 or so.
 :Cueball: And since it's been around that long it means it's probably legit.
 {{comic discussion}}
-[[Category:Comics featuring White Hat]]
-[[Category:Comics featuring Cueball]]
-[[Category:Computer security]]
-[[Category:Internet]]