SSL (well, TLS now) serves three purposes.
  1. Ensuring you are getting the information the website author intends for you to get. i.e. data can’t be manipulated in transit.
  2. Ensuring the information you are getting is in fact coming from the domain you are requesting it from.
  3. Preventing others between you and the website from seeing the information sent back and forth.
I think you questioned the need for TLS here assuming 3 was the only purpose of TLS?
I found this comment on the linked HN thread insightful and probably very useful for a lot of folks. Sensitive data isn’t the only argument for TLS
Yes. It's about CIA: confidentiality, integrity and authenticity.
People most of the times only think about C
reply