- From: David Morris <dwm@xpasc.com>
- Date: Thu, 14 Nov 2013 16:16:55 -0800 (PST)
- To: Bruce Perens <bruce@perens.com>
- cc: Roberto Peon <grmocg@gmail.com>, James Snell <jasnell@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>, Julian Reschke <julian.reschke@gmx.de>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
On Thu, 14 Nov 2013, Bruce Perens wrote: > On 11/14/2013 12:21 PM, Roberto Peon wrote: > > > We can wish honey dreams all day and night long of a web where deploying plaintext works > > Gosh, how badly that dumb Tim B-L failed because he didn't encrypt from the very start. The web might have > been a success if he'd just listened to you. :-) > > Plaintext works if you aren't attempting to subvert the entire protocol by tunneling through it. Yeah, I've been doing web work for 18+ years and this is the first claim I've seen that plain text makes the web unreliable. What I know for sure is that adding certficate management has filled my experience with headaches from a server administrator's perspective. There are products that subvert ssl/tls because the controlling interested parties won't allow their networks to be subjected to unispectable traffic. I'm tired of hearing about pervasive snooping by governments where our commercial providers are busy scanning email traffic after it is in their environment. Encryption isn't going to make my web experience more reliable, my empirical evidences is that we'll just have one more thing to cause end user confusion and frustration. Dave Morris
Received on Friday, 15 November 2013 00:17:32 UTC