- From: Martin J. Dürst <duerst@it.aoyama.ac.jp>
- Date: Thu, 19 Jul 2012 09:13:59 +0900
- To: Tim Bray <tbray@textuality.com>
- CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Hello Tim, On 2012/07/19 0:09, Tim Bray wrote: > On Wed, Jul 18, 2012 at 6:56 AM, Eliot Lear<lear@cisco.com> wrote: >> This is a red herring. The real argument is around the ability of all web >> servers to get certificates > > This pattern keeps coming up. > A: “Privacy is good” > B: “No, because the technology is currently too expensive/unreliable” > > Uh... privacy is good. -T Okay, Tim, here's a challenge for you then: If privacy is important (I'm with you here, of course), and if privacy requires TLS (like many others on this list, I have my strong doubts, but you seem to think so), how come that your own site http://www.tbray.org/ongoing/ still uses http rather than https? Is the privacy of the readers of Ongoing just less important than the privacy of user of the average Web site? Or is it that you just haven't realized that was still on http? Why don't you actually go to the trouble of moving Ongoing to TLS, with a chained (i.e. not self-signed) certificate, and tell us how many working hours/days and how much money it took you to set it up. This may make for an interesting learning experience, and an interesting blog entry. [This challenge is of course also for all the other people who advocate to tie in mandatory TLS with HTTP 2.0; I just picked Tim because I know his site and I know he likes such challenges :-).] Regards, Martin. P.S.: I have my own server for my lab (way less slick than Ongoing, I have to admit), and I have considered using https: at least about once every year, probably more. It would be the right thing to do. But the amount of time it would require from me, to set it up and to make sure it's set up correctly, is just too much.
Received on Thursday, 19 July 2012 00:14:38 UTC