I have a home server and I have some HTTP services running on it. I’m thinking if I should even bother with HTTPS, as I’m already using tail scale which should be peer-to-peer and encrypted. So I shouldn’t worry about any men in the middle.

Am I missing something?

It just feels wrong to work with non-S HTTP :(

  • @damium@programming.dev
    link
    fedilink
    English
    149 months ago

    It can still have issues with potential attacks that would redirect your client to a system outside of the VPN. It would prevent MitM but not complete replacement.

    • λλλ
      link
      fedilink
      English
      19 months ago

      Yep! It all comes down to your attack surface and how paranoid you want to be.