- From: Larry Masinter <masinter@adobe.com>
- Date: Sat, 17 Aug 2013 03:09:23 -0700
- To: Tim Bray <tbray@textuality.com>, Ian Jacobs <ij@w3.org>
- CC: "shane@aptest.com" <shane@aptest.com>, Robin Berjon <robin@w3.org>, "Tab Atkins, Jr." <jackalmage@gmail.com>, Dom Hazael-Massieux <dom@w3.org>
- Message-ID: <C68CB012D9182D408CED7B884F441D4D3472A46BF2@nambxv01a.corp.adobe.com>
encryption != privacy, and turning on encryption might not actually be helpful. Besides the obvious latency and bandwidth overhead, it might also be harmful for other reasons. And for the /TR and publications series, what information is visible with http that cannot be reasonably identified by observing https traffic? Sure there are sites that should use HTTPS, but it’s a case-by-case. I’m all for improving privacy, but I think people are misled if they think encryption is always a net improvement. I don’t spec-prod is the right place to have this discussion, so I moved spec-prod to bcc. I went through this on www-tag for a while. Maybe PING? From: Tim Bray [mailto:tbray@textuality.com] Sent: Wednesday, August 14, 2013 6:30 PM To: Ian Jacobs Cc: shane@aptest.com; Robin Berjon; Tab Atkins, Jr.; spec-prod@w3.org Prod; Dom Hazael-Massieux Subject: Re: ReSpec and https Because on the Web everything should be private by default: https://www.tbray.org/ongoing/When/201x/2012/12/02/HTTPS https: is the correct default choice. Have you measured the performance impact recently? It’s generally insignificant compared to all other things that slow down the Web experience. -T On Wed, Aug 14, 2013 at 9:23 AM, Ian Jacobs <ij@w3.org<mailto:ij@w3.org>> wrote: On Aug 14, 2013, at 10:35 AM, Shane McCarron <ahby@aptest.com<mailto:ahby@aptest.com>> wrote: > You are correct. Pub rules. I will file a bug with them and just hand edit it out in the meantime. I disagree this is a pubrules bug. Why use https URIs to refer to these images from TR drafts served over http? Using https URIs has a performance impact both for the server and on the client. Dom mentioned to me that editors drafts could be handled differently than TR-ready drafts, and that respec might be improved to generate http uris when the document is ready for publication. Pubrules currently does not have an editor's draft filter. Ian > > On Aug 14, 2013 10:30 AM, "Robin Berjon" <robin@w3.org<mailto:robin@w3.org>> wrote: > On 14/08/2013 17:04 , Tab Atkins Jr. wrote: > On Wed, Aug 14, 2013 at 7:44 AM, Shane McCarron <ahby@aptest.com<mailto:ahby@aptest.com>> wrote: > I noticed today that ReSpec generates https:// for the W3C logo and > stylesheet. Is there a reason for this? The W3C validator complains about > it. > > Likely so you don't get mixed content warnings when viewing things on > https pages (like the dvcs repo). > > Precisely. We tried the option of being smart based on where the draft was generated, but generated drafts get moved around and things break. We tried using // instead but too many people do things like checking drafts from the local file system and got confused (or even just an unpleasant experience). > > I doubt the W3C validator complains about this; I presume Shane meant pubrules. That's a bug in pubrules :) > > -- > Robin Berjon - http://berjon.com/ - @robinberjon -- Ian Jacobs <ij@w3.org<mailto:ij@w3.org>> http://www.w3.org/People/Jacobs Tel: +1 718 260 9447<tel:%2B1%20718%20260%209447>
Received on Saturday, 17 August 2013 10:10:01 UTC