- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sun, 17 Nov 2013 21:27:29 +0000
- To: Mike Belshe <mike@belshe.com>
- cc: Robert Collins <robertc@squid-cache.org>, Tim Bray <tbray@textuality.com>, httpbis mailing list <ietf-http-wg@w3.org>
In message <CABaLYCsFSCxyFK6p7pgBtAwwy11h0tr1pwMGgFR2ouQ-mOis4w@mail.gmail.com>, Mike Belshe writes:

>The only difference between us, PHK, is that you're advocating a POLICY of
>opt-in security. I'm advocating a POLICY of opt-out.

No, you are attempting to eliminate the policy of opt-out.

Today privacy or not is a policy decision in the hands of content writers who get to choose if they write "http://" or "https://" in their links.

You want to take that policy choice away from them, by changing the semantics of "http://" under their feet.

If you start deploying a main-stream browser now, which heuristically attempts HTTPS when it sees "http://", you're going to kill so many sites' performance that you will become the most hated man on the web.

And remember: We don't deliver policies, we deliver tools.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Sunday, 17 November 2013 21:27:52 UTC