Blockchain.info is dropping support for all http:// requests on December 14th

[NarC]

From their /api page.
"Blockchain.info is dropping support for all http:// requests on December 14th. Please make sure all API requests use https://"

Does that mean any type of query to the blockchain api from my site (currently not a https://) will not work?

[Blazr]

From their /api page.
"Blockchain.info is dropping support for all http:// requests on December 14th. Please make sure all API requests use https://"

Does that mean any type of query to the blockchain api from my site (currently not a https://) will not work?

Your website doesn't need to be HTTPS, it means that when you are querying blockchain.info you need to use HTTPS.

[NarC]

From their /api page.
"Blockchain.info is dropping support for all http:// requests on December 14th. Please make sure all API requests use https://"

Does that mean any type of query to the blockchain api from my site (currently not a https://) will not work?

Your website doesn't need to be HTTPS, it means that when you are querying blockchain.info you need to use HTTPS.

Ahhh yeah, I guess I read that totally wrong. Thanks for your response.

[Martijnvdc]

From their /api page.
"Blockchain.info is dropping support for all http:// requests on December 14th. Please make sure all API requests use https://"

Does that mean any type of query to the blockchain api from my site (currently not a https://) will not work?

Your website doesn't need to be HTTPS, it means that when you are querying blockchain.info you need to use HTTPS.

Interesting. I wonder why they did that. What's the danger in not encrypting harmless queries such as checking a address balance? What secrets could it possibly reveal?

[amaclin]

Interesting. I wonder why they did that. What's the danger in not encrypting harmless queries such as checking a address balance? What secrets could it possibly reveal?

The request or/and response can be modified by man-in-the-middle.
So... This is one more shoot to decentralization. We have to trust trird- (bc.i) and fourth-party (certificate issuer)

[Blazr]

Interesting. I wonder why they did that. What's the danger in not encrypting harmless queries such as checking a address balance? What secrets could it possibly reveal?

The request or/and response can be modified by man-in-the-middle.
So... This is one more shoot to decentralization. We have to trust trird- (bc.i) and fourth-party (certificate issuer)

You can use certificate pinning so you don't have to trust any certificate authority.

[gmaxwell]

So... This is one more shoot to decentralization. We have to trust trird- (bc.i) and fourth-party (certificate issuer)

Uh. ... You realize this is a massive upgrade right?  Before you were trusting all of the hundreds of parties that could be MITMing your connection, and after you trust fewer (just bc.i their staff and contractors, cloudflare, and any certificate authority or someone who has compromised them or received a sub-CA cert from one).  The certificate issuer has no active role in the connection you make, their role was simply to one-time sign a public key bc.i presented to them and attest that it really was bc.i.

[amaclin]

Uh. ... You realize this is a massive upgrade right?

You know my opinion. Bitcoin is dead. Already dead.
Because decentralization takes more energy than centralized systems.
You have to waste more and more energy/power/electricity day-to-day and month-to-month just to secure transactions
And every step to bitcoin2.0 is just a step to a centralization.
There is no other way.

[Blazr]

Because decentralization takes more energy than centralized systems.

Thats not always true, have a look at Gnutella.

You have to waste more and more energy/power/electricity day-to-day and month-to-month just to secure transactions

No you don't, we only need enough hashpower to mitigate a 51% attack, it doesn't need to keep increasing, the only reason the hashrate is increasing right now is because mining equipment has gotten much more efficient in a very short period of time and more and more people are entering the bitcoin mining industry.

[amaclin]

No you don't, we only need enough hashpower to mitigate a 51% attack

Would you physically destroy 1/2 worldwide old asics when the hashpower drop down twice from current values? But how?
Switched off equipment is non-profitable for mining, but suitable for attack