Privacy and its costs (was: Re: Mandatory encryption)

Hello Tim,

On 2012/07/19 0:09, Tim Bray wrote:
> On Wed, Jul 18, 2012 at 6:56 AM, Eliot Lear <lear@cisco.com> wrote:
>
>> This is a red herring.  The real argument is around the ability of all web
>> servers to get certificates
>
> This pattern keeps coming up.
> A: “Privacy is good”
> B: “No, because the technology is currently too expensive/unreliable”
>
> Uh... privacy is good.  -T

Okay, Tim, here's a challenge for you then:

If privacy is important (I'm with you here, of course), and if privacy 
requires TLS (like many others on this list, I have my strong doubts, 
but you seem to think so), how come that your own site 
http://www.tbray.org/ongoing/ still uses http rather than https?

Is the privacy of the readers of Ongoing just less important than the 
privacy of users of the average Web site? Or is it that you just haven't 
realized that was still on http?

Why don't you actually go to the trouble of moving Ongoing to TLS, with 
a chained (i.e. not self-signed) certificate, and tell us how many 
working hours/days and how much money it took you to set it up. This may 
make for an interesting learning experience, and an interesting blog entry.

[This challenge is of course also for all the other people who advocate 
tying in mandatory TLS with HTTP 2.0; I just picked Tim because I know 
his site and I know he likes such challenges :-).]

Regards,   Martin.

P.S.: I have my own server for my lab (way less slick than Ongoing, I 
have to admit), and I have considered using https: at least about once 
every year, probably more. It would be the right thing to do. But the 
amount of time it would require from me, to set it up and to make sure 
it's set up correctly, is just too much.

Received on Thursday, 19 July 2012 00:14:38 UTC