- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Mon, 26 Mar 2012 08:34:22 +0000
- To: patrick mcmanus <pmcmanus@mozilla.com>
- cc: ietf-http-wg@w3.org
In message <4F701E44.6060108@mozilla.com>, patrick mcmanus writes: >On 3/26/2012 7:56 AM, Poul-Henning Kamp wrote: >Existence proofs: google does all of their logged in user search over >SSL, Twitter encourages SSL by default, Facebook is widely used that >way. It pretty clearly can be done at scale. Its not free, but its worth it. The fact that a certain size and class of companies roll out SSL is no where near a proof that everybody would or should do so. Counter proof: How many p0rn sites deliver legal images via SSL ? >More importantly - no user wants to use an insecure protocol - ever. I don't think the majority of users consider HTTP an unsecure protocol for p0rn, newspapers and blogs. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Monday, 26 March 2012 08:34:50 UTC