Re: Moving forward on improving HTTP's security

On Wed, Nov 13, 2013 at 2:32 PM, Mike Belshe <> wrote:
> Look, we've had this debate time and time again and its always the people
> with vested interests that are against TLS.  I have yet to hear from a
> single person that is against TLS who isn't either a hacker, a government
> agent, or a seller of software which relies on unsecured traffic.  Not one.
> Actually, the hackers don't care that much.

Such generalizations are pointless, really; and do nothing to move the
ball forward. FWIW, I am against mandatory TLS and I do not fall into
any of your categories above. Oh, certainly, there may very well
people others who work for the same company I do that might fall into
one of these categories, but I'm not here representing them, nor am I
here representing my employer. I'm here as an individual with
absolutely zero "vested interest" against TLS. I'm sure I am not the
only one who doesn't fit into the pigeon holes you have carved out, so
please, let's stop the pointless rhetoric and stick to the *technical*
merits of the proposals.

Strongly recommending the use of TLS is fine; even making it the
default option is fine; mandating TLS is not fine and could be
actively counterproductive to addressing the real underlying problems
by either providing a false sense of security or by actively
encouraging abuse.

- James

> I do hear what you're writing, that you think use of more TLS will somehow
> cripple existing TLS, but you're ignoring that it is hackable now...  Our
> use of it doesn't change that.  Despite shortcomings, we do need to raise
> the bar -  there is real, documented evidence of that.  And TLS will evolve
> too, and we (http) will evolve with it.
> Upwards and onwards!
> Mike
>> Willy

Received on Wednesday, 13 November 2013 22:41:11 UTC