W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: [ietf-http-wg] <none>

From: James M Snell <jasnell@gmail.com>
Date: Wed, 18 Jul 2012 08:32:29 -0700
Message-ID: <CABP7Rbdhw+xb5SGHEKPJHRmCoYgqyCenzrUi1Y=O_5UXQ2GoxA@mail.gmail.com>
To: Tim Bray <tbray@textuality.com>
Cc: Nicolas Mailhot <nicolas.mailhot@laposte.net>, Patrick McManus <pmcmanus@mozilla.com>, Mike Belshe <mike@belshe.com>, Willy Tarreau <w@1wt.eu>, Phillip Hallam-Baker <hallam@gmail.com>, Paul Hoffman <paul.hoffman@gmail.com>, grahame@healthintersections.com.au, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Tim, this entire thread is getting quite silly. TLS is not magic pixie dust
that'll make the world instantly more secure and private just by sprinkling
it about and thinking happy thoughts. For a particular segment of HTTP use,
using TLS by default makes A LOT of sense, granted, but the same does not
hold true for all uses of HTTP and claiming that those of us who say no to
mandatory TLS are simply "anti-user" is dishonest at best.

- James

On Wed, Jul 18, 2012 at 8:06 AM, Tim Bray <tbray@textuality.com> wrote:

> These analogies are really very limited in their usefulness. The
> Internet is “sui generis”, not really like anything else.
>
> The only sane pro-user position is that Internet interaction between
> two endpoints should not be readable by intermediaries.
>
> Clearly, for people who are in the intermediaries business, users are
> not their customers and their priorities may not be well-aligned with
> those of the users.  This is not surprising and not unreasonable. But
> I do object to claims that a pro-intermediary position is actually
> pro-user, that people really don’t want/need privacy.
>
> I’m glad that at least some voices here are pro-user.  -T
>
> On Wed, Jul 18, 2012 at 6:55 AM, Nicolas Mailhot
> <nicolas.mailhot@laposte.net> wrote:
> >> Show me the user that will stand up and say, "Yes, I would like my
> >> communications to be snoopable and changeable by 3rd parties without
> >> my knowledge."
> >
> > Show us the users that only go outside in trenchcoats and sunglasses for
> > fear of being observed going into a particular shop, reading a particular
> > book at the library, etc
> >
> > Users *do* accept lack of absolute confidentiality in real life. Users
> > *do* advertise their tastes and orientations in case they were nor
> > pro-eminent enough (on social web sites, via clothes choices, going
> around
> > with bags with huge shop logos on them)
> >
> > There is *no* real-life user demand for absolute confidentiality, either
> > on the internet or in physical life (except for a few marginals, commonly
> > deemed freaks by the majority of the population)
> >
> > You are inventing requirements users didn't ask of you (and I'm sure
> > others would claim I'm on the freakish side myself)
> >
> > --
> > Nicolas Mailhot
> >
> >
>
>
Received on Wednesday, 18 July 2012 15:33:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 18 July 2012 15:33:24 GMT