Re: Pervasive encryption: Pro and contra

In message <>
, Mike Belshe writes:

>The only difference between us, PHK, is that you're advocating a POLICY of
>opt-in security. I'm advocating a POLICY of opt-out.

No, you are attempting to eliminate the policy of opt-out.

Today privacy or not is a policy decision in the hands of content
writers who get to choose if they write "http://" or "https://" in
their links.

You want to take that policy choice away from them, by changing
the semantics of "http://" under their feet.

If you start deploying a main-stream browser now, which heuristically
attempts HTTPS when it sees "http://", you're going to kill so many
sites performance that you will become the most hated man on the web.

And remember:  We don't deliver policies, we deliver tools.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Sunday, 17 November 2013 21:27:52 UTC