W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Pervasive encryption: Pro and contra

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Sun, 17 Nov 2013 21:27:29 +0000
To: Mike Belshe <mike@belshe.com>
cc: Robert Collins <robertc@squid-cache.org>, Tim Bray <tbray@textuality.com>, httpbis mailing list <ietf-http-wg@w3.org>
Message-ID: <58117.1384723649@critter.freebsd.dk>
In message <CABaLYCsFSCxyFK6p7pgBtAwwy11h0tr1pwMGgFR2ouQ-mOis4w@mail.gmail.com>
, Mike Belshe writes:

>The only difference between us, PHK, is that you're advocating a POLICY of
>opt-in security. I'm advocating a POLICY of opt-out.

No, you are attempting to eliminate the policy of opt-out.

Today privacy or not is a policy decision in the hands of content
writers who get to choose if they write "http://" or "https://" in
their links.

You want to take that policy choice away from them, by changing
the semantics of "http://" under their feet.

If you start deploying a main-stream browser now, which heuristically
attempts HTTPS when it sees "http://", you're going to kill so many
sites performance that you will become the most hated man on the web.

And remember:  We don't deliver policies, we deliver tools.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Sunday, 17 November 2013 21:27:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC