If logging in were the only part of the site that required HTTPS, we might have made a different choice on how to handle POODLE. But the shop is also served by HTTPS only, so we made the decision to shut off SSLv3 support rather than allow people to transfer credit card data over a known-insecure protocol.
Yeah, that makes sense. It would be nice if that was the initial explanation.
It's a shame that you can't separate the shop from login, seeing as how they have different required levels of security. For login, any is better than some but plaintext is adequate; for shop, there's a minimum level below which it's better that the shop not be accessible.
In an interesting synchronicity, we were just having a chat over in liv's journal about a hidden dimension of social justice in website platform compatibility. As is touched on there, I bet you dollars to donuts the people who are going to be affected by this aren't using IE anything: they're using browsers you never heard of on older phones and PDAs, or just cheaper ones. I bet you the people who will be impacted will predominantly be people accessing DW from mobile devices.
no subject
Yeah, that makes sense. It would be nice if that was the initial explanation.
It's a shame that you can't separate the shop from login, seeing as how they have different required levels of security. For login, any is better than some but plaintext is adequate; for shop, there's a minimum level below which it's better that the shop not be accessible.
In an interesting synchronicity, we were just having a chat over in