Mandatory encryption

+1 to what seems to be a lot of developers: make TLS mandatory.

> so, even when used in an internal application protocol, it's going to
> be end to end encrypted to make it super hard to debug?

In an internal application protocol, why would it be "super hard to
debug"? The client can do an HTTP dump before TLS, the server can do
an HTTP dump after TLS; either of the sides could debug the TLS.

> http is about more than users using web browsers.

Completely true, and not relevant. Insecure HTTP for non-browser
applications still has the same bad properties, no?

Received on Wednesday, 18 July 2012 00:53:11 UTC