thank you for making restic
I was wondering if it is secure (and makes sense) to use HTTPS to authenticate but not encrypt the connection with a restic-server. This would mean for example to use a client-side certificate for authentication and then use a Null Cipher to disable encryption.
According to restic-server documentation, it would seem ok:
restic already properly encrypts all data it sends, so using HTTPS is mostly about authentication
However, that mostly is what is prompted me to ask this question.