I have a home server and I have some HTTP services running on it. I’m thinking if I should even bother with HTTPS, as I’m already using tail scale which should be peer-to-peer and encrypted. So I shouldn’t worry about any men in the middle.

Am I missing something?

It just feels wrong to work with non-S HTTP :(

  • damium
    link
    fedilink
    English
    arrow-up
    14
    ·
    10 months ago

    It can still have issues with potential attacks that would redirect your client to a system outside of the VPN. It would prevent MitM but not complete replacement.

    • λλλ
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      Yep! It all comes down to your attack surface and how paranoid you want to be.