Re: Privacy and its costs (was: Re: Mandatory encryption)

Fair point; I should. -T

On Wed, Jul 18, 2012 at 5:13 PM, "Martin J. Dürst"
<duerst@it.aoyama.ac.jp> wrote:
> Hello Tim,
>
> On 2012/07/19 0:09, Tim Bray wrote:
>>
>> On Wed, Jul 18, 2012 at 6:56 AM, Eliot Lear<lear@cisco.com>  wrote:
>
>
>>> This is a red herring.  The real argument is around the ability of all
>>> web
>>> servers to get certificates
>>
>>
>> This pattern keeps coming up.
>> A: “Privacy is good”
>> B: “No, because the technology is currently too expensive/unreliable”
>>
>> Uh... privacy is good.  -T
>
>
> Okay, Tim, here's a challenge for you then:
>
> If privacy is important (I'm with you here, of course), and if privacy
> requires TLS (like many others on this list, I have my strong doubts, but
> you seem to think so), how come that your own site
> http://www.tbray.org/ongoing/ still uses http rather than https?
>
> Is the privacy of the readers of Ongoing just less important than the
> privacy of user of the average Web site? Or is it that you just haven't
> realized that was still on http?
>
> Why don't you actually go to the trouble of moving Ongoing to TLS, with a
> chained (i.e. not self-signed) certificate, and tell us how many working
> hours/days and how much money it took you to set it up. This may make for an
> interesting learning experience, and an interesting blog entry.
>
> [This challenge is of course also for all the other people who advocate to
> tie in mandatory TLS with HTTP 2.0; I just picked Tim because I know his
> site and I know he likes such challenges :-).]
>
> Regards,   Martin.
>
> P.S.: I have my own server for my lab (way less slick than Ongoing, I have
> to admit), and I have considered using https: at least about once every
> year, probably more. It would be the right thing to do. But the amount of
> time it would require from me, to set it up and to make sure it's set up
> correctly, is just too much.

Received on Thursday, 19 July 2012 03:23:52 UTC