Re: Privacy and its costs (was: Re: Mandatory encryption)

Fair point; I should. -T

On Wed, Jul 18, 2012 at 5:13 PM, "Martin J. Dürst"
<> wrote:
> Hello Tim,
> On 2012/07/19 0:09, Tim Bray wrote:
>> On Wed, Jul 18, 2012 at 6:56 AM, Eliot Lear<>  wrote:
>>> This is a red herring.  The real argument is around the ability of all
>>> web
>>> servers to get certificates
>> This pattern keeps coming up.
>> A: “Privacy is good”
>> B: “No, because the technology is currently too expensive/unreliable”
>> Uh... privacy is good.  -T
> Okay, Tim, here's a challenge for you then:
> If privacy is important (I'm with you here, of course), and if privacy
> requires TLS (like many others on this list, I have my strong doubts, but
> you seem to think so), how come that your own site
> still uses http rather than https?
> Is the privacy of the readers of Ongoing just less important than the
> privacy of user of the average Web site? Or is it that you just haven't
> realized that was still on http?
> Why don't you actually go to the trouble of moving Ongoing to TLS, with a
> chained (i.e. not self-signed) certificate, and tell us how many working
> hours/days and how much money it took you to set it up. This may make for an
> interesting learning experience, and an interesting blog entry.
> [This challenge is of course also for all the other people who advocate to
> tie in mandatory TLS with HTTP 2.0; I just picked Tim because I know his
> site and I know he likes such challenges :-).]
> Regards,   Martin.
> P.S.: I have my own server for my lab (way less slick than Ongoing, I have
> to admit), and I have considered using https: at least about once every
> year, probably more. It would be the right thing to do. But the amount of
> time it would require from me, to set it up and to make sure it's set up
> correctly, is just too much.

Received on Thursday, 19 July 2012 03:23:52 UTC