When I preface “Straight Dope Message Board - Your direct line to thousands of the smartest, hippest people on the planet, plus a few total dipsticks.” with https, I get a certificate warning. Is this as designed or are we expected to use insecure http? Logging into websites using http makes me kind of queasy.
The SSL identity certificate offered by the board is issued to *.cloudfront.net. Which is a division of Amazon. It’s their content hosting service: Low-Latency Content Delivery Network (CDN) - Amazon CloudFront - Amazon Web Services
Which might have something to do with the recent SDMB maintenance shutdown and noticeably improved performance.
Overall the board isn’t really set up right for https. If you do enable https you’ll get lots of split-domain warnings about non-https embedded content on the page. Unless you turn off those warnings. Which pretty thoroughly defeats the security wrapper around everything that https is supposed to provide. A bucket that’s half watertight isn’t really watertight at all.
My bottom line: the inappropriate certificate isn’t a sign of evil. But it is a sign TPTB haven’t put in the effort (yet?) to do https right either.
If that’s the case, then I should definitely change my password from one that I use frequently.
And yes, I know, one shouldn’t re-use passwords.