Re: Privacy and its costs from Eliot Lear on 2012-07-31 (ietf-http-wg@w3.org from July to September 2012)

From: Eliot Lear <lear@cisco.com>
Date: Wed, 01 Aug 2012 01:05:20 +0200
To: Mike Belshe <mike@belshe.com>
CC: Tim Bray <tbray@textuality.com>, "Martin J. Dürst" <duerst@it.aoyama.ac.jp>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <501864B0.8060203@cisco.com>

On 7/31/12 6:43 AM, Mike Belshe wrote:
>
> Part of the reason it is hard is because we haven't built the tools we
> need.  Why haven't we built better tools?  Because its too easy to opt
> out.

Or too hard to opt in.

>
> If the net were secure by default and offered no option to amateur
> blokes like us, we'd soon have a one-liner command line mechanism to
> request/sign/issue/install our server certs and we'dl all be laughing
> about how we used to say it was "hard".

I look forward to that day.  But it is not today, and your use of the
term "secure" is loose.  It is possible to make things worse by
attempting to make things more "secure".  Forcing the users to ignore an
indication that works *somewhat* would make things worse.

Eliot

Received on Tuesday, 31 July 2012 23:05:53 UTC