- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 19 Jan 2015 13:27:26 +0100
- To: Paul Libbrecht <paul@hoplahup.net>
- Cc: "Henry S. Thompson" <ht@inf.ed.ac.uk>, Mark Nottingham <mnot@mnot.net>, Henri Sivonen <hsivonen@hsivonen.fi>, Chris Palmer <palmer@google.com>, Noah Mendelsohn <nrm@arcanedomain.com>, "Michael[tm] Smith" <mike@w3.org>, Tim Berners-Lee <timbl@w3.org>, Public TAG List <www-tag@w3.org>

On Mon, Jan 19, 2015 at 1:22 PM, Paul Libbrecht <paul@hoplahup.net> wrote:
> do you happen to talk to someone you do not know on the street?
> It happens to me, and I never ask for an ID card before! ;-)

I don't really see how that compares to the exchange of confidential information.

> MITM-attacks are possible but that does not mean that everyone is being attacked.
> That's the way http has been working and it still does.

It turns out a lot of people are being attacked by injection of ads, tracker IDs, etc.

> It is precisely this: recommendations have been expressed in such a way as it could be understood as "we should all rush to everything secure"… but there's no reason for such a rush and the smooth path to something more secure needs a decent support for self-signed-certs, I claim.

Again, if we train users that self-signed certificates are okay, the next time they visit their bank online (and remember, the network cannot be trusted) they will lose. Not acceptable.

--
https://annevankesteren.nl/

Received on Monday, 19 January 2015 12:27:50 UTC