I'd be happy if the EU outlawed this instead of outlawing encryption.

But indeed, the ability to publish on my own outweighs the risk of someone modding my content.

Most of us here read their news from work laptops, where the employer and their MiTM supplier are a much bigger threat even for HTTPS websites.

This puts the question into my brain, which I have never thought to pursue, of whether you could offer a self-signed cert that the user has to install for HTTPS.

Their client will complain loudly until and unless they install it, but then for those who care you could offer the best of both worlds.

Almost certainly more trouble than it's worth. G'ah, and me without any free time to pursue a weekend hobby project!

> for those who care you could offer the best of both worlds.

You're not really offering that because the first connection could've been intercepted.

Too true. The old model is that you have to sneaker-net that first step. To get someone's public key, you'd literally meet them in person and they'd hand you a copy. We don't do that anymore.

I can imagine alternate approaches (service that stores personal keys on an HTTPS server signed via a public cert, keys in peer-to-peer filesharing with the checksum provided side-channel), but that gets increasingly more elaborate for diminishing return.
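Added example, not part of any comment in the thread: a small Python model of the point discussed above, comparing trust-on-first-use with a fingerprint delivered over a side channel. The `PinStore` class, the host name `blog.example` and the certificate byte strings are constructed for illustration; a real client would hash the DER bytes of the certificate the server presents.

```python
import hashlib
import hmac

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def normalize(fp: str) -> str:
    """Accept 'AA:BB:...' or 'aabb...' as copied from a side channel."""
    return fp.replace(":", "").replace(" ", "").lower()

class PinStore:
    """Hypothetical client-side pin store keyed by host name."""

    def __init__(self):
        self.pins = {}

    def add_out_of_band(self, host: str, fp: str) -> None:
        # Fingerprint obtained separately from the connection being checked.
        self.pins[host] = normalize(fp)

    def check(self, host: str, der_cert: bytes, trust_on_first_use=False) -> str:
        seen = fingerprint(der_cert)
        pinned = self.pins.get(host)
        if pinned is None:
            if trust_on_first_use:
                self.pins[host] = seen  # whatever arrived first becomes trusted
                return "pinned-on-first-use"
            return "no-pin"
        return "match" if hmac.compare_digest(pinned, seen) else "MISMATCH"

# Constructed stand-ins for DER certificate bytes.
SITE_CERT = b"constructed: the site's self-signed certificate"
PROXY_CERT = b"constructed: certificate presented by an intercepting proxy"

def demo():
    # Trust-on-first-use: an intercepted first connection pins the wrong
    # certificate, and the genuine one is then reported as a mismatch.
    tofu = PinStore()
    first = tofu.check("blog.example", PROXY_CERT, trust_on_first_use=True)
    later = tofu.check("blog.example", SITE_CERT)
    # Out-of-band pin: the interception is detected on the first connection.
    oob = PinStore()
    oob.add_out_of_band("blog.example", fingerprint(SITE_CERT).upper())
    blocked = oob.check("blog.example", PROXY_CERT)
    ok = oob.check("blog.example", SITE_CERT)
    return first, later, blocked, ok

if __name__ == "__main__":
    print(demo())
```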