From 2ee9325f49d9d700936fa7fa3289783747c6620f Mon Sep 17 00:00:00 2001
From: rugk <rugk@posteo.de>
Date: Wed, 24 Aug 2016 23:28:54 +0200
Subject: [PATCH] Make clear that HTTPS provides basic security...

whereas the other things are advantaged security features.
---
 README.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index c04d961e..2c17e5e3 100644
--- a/README.md
+++ b/README.md
@@ -40,9 +40,10 @@ without loosing any data.
 
 - As a user you have to trust the server administrator, your internet provider
   and any country the traffic passes not to inject any malicious javascript code.
-  Ideally, the PrivateBin installation used should provide HTTPS, secured by
+  For a basic security the PrivateBin installation *has to provide HTTPS*!
+  Additionally it should be secured by
   [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and
-  [HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a
+  ideally by [HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a
   certificate either validated by a trusted third party (check the certificate
   when first using a new PrivateBin instance) or self-signed by the server
   operator, validated using a