Re: Pervasive encryption: Pro and contra

On Sun, Nov 17, 2013 at 1:27 PM, Poul-Henning Kamp <>wrote:

> In message <
> , Mike Belshe writes:
> >The only difference between us, PHK, is that you're advocating a POLICY of
> >opt-in security. I'm advocating a POLICY of opt-out.
> No, you are attempting to eliminate the policy of opt-out.

No I am not.  Insecured HTTP is here to stay.  I have not proposed

But as usual, you miss the point.

The point is that you called me out for advocating policy, and that is
fine.  I just want you to realize you are advocating policy as well - you
believe a POLICY that http should be unencrypted.  So much for your "tools
not policies" silliness.

> Today privacy or not is a policy decision in the hands of content
> writers who get to choose if they write "http://" or "https://" in
> their links.

> You want to take that policy choice away from them, by changing
> the semantics of "http://" under their feet.

HTTP does its versioning under the hood.  Upgrading from HTTP/1 to HTTP/1.1
is not under control of the content writer and never has been.  It's up to
the control of the server administrator.  The exact same thing is true for

> If you start deploying a main-stream browser now, which heuristically
> attempts HTTPS when it sees "http://", you're going to kill so many
> sites performance that you will become the most hated man on the web.

Already exists, dude, and its faster :-)   But I seriously doubt I'll ever
take that title away from you.

This will be my last reply.


> And remember:  We don't deliver policies, we deliver tools.
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.

Received on Sunday, 17 November 2013 21:42:02 UTC