- From: Mike Belshe <mike@belshe.com>
- Date: Sun, 17 Nov 2013 07:46:54 -0800
- To: Robert Collins <robertc@squid-cache.org>
- Cc: Tim Bray <tbray@textuality.com>, httpbis mailing list <ietf-http-wg@w3.org>
- Message-ID: <CABaLYCtyuvjX+VwmUXcA9cCr6E0_fCS+fUWfruC9cQaAGvX_ew@mail.gmail.com>
No, this is a pro not a con. It is unethical for us to ship unsecure software. http without tls is fundamentally below the bar of basic, known best practices. On Nov 17, 2013 12:47 AM, "Robert Collins" <robertc@squid-cache.org> wrote: > C5.2 It’s unethical to insert encryption into people’s connections > without their consent. > This has an inverse: > P3 : It's unethical to have presumed-private conversations not be > > Arguably to P1 (protection) : this is about expectations of users. > > -Rob > > On 17 November 2013 14:03, Tim Bray <tbray@textuality.com> wrote: > > There has been a *whole lot* of traffic on this subject. It’s > fascinating > > that the meeting of minds is so difficult, and any possibility of that > > happening is made more difficult by the discussion skewing back and forth > > across the road. > > > > To help sort things out in my own mind, I just went and read the last few > > hundred messages and attempted to curate the pervasive/mandatory > encryption > > arguments, pro and contra. It’s in a Google doc that’s open to comment > by > > anyone: http://goo.gl/6yhpC1 Hm, is there a handy wiki platform > somewhere > > that can stand up to the pressure? > > > > I don’t know if trying to organize the talking points is generally > useful, > > but I sure found it personally useful; maybe others will too. > > > > Disclosure: I remain pretty strongly in favor of as much mandatory > > encryption as we can get, so that may have filtered my expression of the > > issues. I've version-stamped this: 2013/11/16, and promise not to > change it > > in case people comment on it. > >
Received on Sunday, 17 November 2013 15:47:22 UTC