I have a home server and I have some HTTP services running on it. I’m thinking if I should even bother with HTTPS, as I’m already using tail scale which should be peer-to-peer and encrypted. So I shouldn’t worry about any men in the middle.

Am I missing something?

It just feels wrong to work with non-S HTTP :(

  • MTK@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    11 months ago

    It does though doesn’t it? since every device needs to be authorized by me first

    • damium
      link
      fedilink
      English
      arrow-up
      14
      ·
      11 months ago

      It can still have issues with potential attacks that would redirect your client to a system outside of the VPN. It would prevent MitM but not complete replacement.

      • λλλ
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        Yep! It all comes down to your attack surface and how paranoid you want to be.