TrustTheVote-Project / horatio-client

A client for an absentee ballot request form.
MIT License
2 stars, 4 forks

Refuse to function without SSL #2

Closed waldoj closed 9 years ago

waldoj commented 9 years ago

It's not safe to collect this information without SSL. Perhaps support a debug mode that doesn't require SSL, and a live mode that does require SSL. Maybe debug mode also wouldn't actually submit data to a live server.

waldoj commented 9 years ago

Strictly speaking, there's nothing about this data that is confidential. There's no legal obligation to protect it. But that doesn't mean that this doesn't warrant strong TLS.

waldoj commented 9 years ago

OTOH, how is anybody supposed to test a client if we require an SSL cert first? :-/

waldoj commented 9 years ago

I don't see how this is in any way enforceable. :(
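The debug/live split proposed in this issue, written out as an added example (not horatio-client code). The function name, the mode strings and the URLs are assumptions. The check runs in the client, so it guards against a misconfigured deployment rather than a modified client.

```javascript
'use strict';

// Hypothetical policy gate: decides whether the form may collect input and
// whether it may submit, based on the mode and on the URLs involved.
// "live" requires HTTPS for both the page and the submission endpoint.
// "debug" does not require TLS but never submits to a server.
function transportPolicy(pageUrl, submitUrl, mode) {
  const page = new URL(pageUrl);
  // Relative endpoints ("/api/submit") inherit the page's scheme and host.
  const endpoint = new URL(submitUrl, page);

  if (mode === 'debug') {
    return { collect: true, submit: false, reason: 'debug mode: submission disabled' };
  }
  if (mode !== 'live') {
    // Fail closed on a missing or misspelled mode.
    return { collect: false, submit: false, reason: 'unknown mode' };
  }
  if (page.protocol !== 'https:') {
    return { collect: false, submit: false, reason: 'page not loaded over HTTPS' };
  }
  if (endpoint.protocol !== 'https:') {
    return { collect: false, submit: false, reason: 'submission endpoint is not HTTPS' };
  }
  return { collect: true, submit: true, reason: 'ok' };
}

// Constructed sample inputs (vote.example and api.example are placeholders).
const samples = [
  ['https://vote.example/form', '/api/submit', 'live'],
  ['http://vote.example/form', '/api/submit', 'live'],
  ['https://vote.example/form', 'http://api.example/submit', 'live'],
  ['http://localhost:8000/form', '/api/submit', 'debug'],
];
for (const [page, endpoint, mode] of samples) {
  const decision = transportPolicy(page, endpoint, mode);
  console.log(`${mode} ${page} -> ${endpoint}: ${JSON.stringify(decision)}`);
}
```

In a browser, the first argument would be `window.location.href`, and a `collect: false` result would disable the form before any field is rendered.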