I have a home server and I have some HTTP services running on it. I’m thinking if I should even bother with HTTPS, as I’m already using tail scale which should be peer-to-peer and encrypted. So I shouldn’t worry about any men in the middle.

Am I missing something?

It just feels wrong to work with non-S HTTP :(

  • atzanteol@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    16
    ·
    11 months ago

    HTTPS performs two duties.

    1. Secures your connection from prying eyes.
    2. Verifies the identity of the server.

    Your VPN provides the former but not the latter. That said the odds of there being an issue in this regard are so slim as to be zero, so you’ll probably be fine.

    • MTK@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      11 months ago

      It does though doesn’t it? since every device needs to be authorized by me first

      • damium
        link
        fedilink
        English
        arrow-up
        14
        ·
        11 months ago

        It can still have issues with potential attacks that would redirect your client to a system outside of the VPN. It would prevent MitM but not complete replacement.

        • λλλ
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          Yep! It all comes down to your attack surface and how paranoid you want to be.