Re: The ability to automatically upgrade a reference to HTTPS from HTTP

Very interesting thoughts, and relevant. The web as it stands right now is
the greatest surveillance mechanism, and granted that nothing can be secure
against state actors, there still need to be an attempt to analyze the
current weaknesses (any org can be a CA and any CA can be coerced) and find
some alternative. Worrying about the web breaking due to the move to https
is a legitimate and practical concern but it's dwarfed by the actualized
concern that https has evolved into a selective surveillance mechanism. A
false sense of security is worse than no security, especially if you
consider that criminal orgs could get in the game. The cat is out of the
bag.

If anyone has any idea, what are the potential solutions?


On Tue, Aug 26, 2014 at 9:05 AM, adasal <adam.saltiel@gmail.com> wrote:

>
> On 26 August 2014 15:29, <frederick.hirsch@nokia.com> wrote:
>
>> I’m not sure i understand *why* https should be required everywhere,
>> since risk management should take into account the value of what is at risk
>> versus the costs but that is a different discussion.
>
>
> Nor I.
> If it is an overreaction then that overreaction can be analysed. Typically
> it is said that overreactions are default positions held on to in the face
> of some *imagined* anxieties.
> And that they hide what the anxiety really is.
> I think the real anxiety, in this context, is about identity and data
> ownership, problems that universal adoption of https obscure rather than
> alleviate.
> The problems of identity and data ownership are not ubiquitous and
> universally present.
> They need case by case solutions.
> But the sense of a threat in that area is a sense of a universal threat,
> which really comes from how capitalism is working out in this area. By
> which I mean a scrabble to own, access or mediate data by large players
> makes it seem as if data must be owned, accessed or mediated enmass. Hence
> the sense of universal threat.
>
> Adam Saltiel
>