Re: Pervasive encryption: Pro and contra

On Sun, Nov 17, 2013 at 1:27 PM, Poul-Henning Kamp <phk@phk.freebsd.dk>wrote:

> In message <
> CABaLYCsFSCxyFK6p7pgBtAwwy11h0tr1pwMGgFR2ouQ-mOis4w@mail.gmail.com>
> , Mike Belshe writes:
>
> >The only difference between us, PHK, is that you're advocating a POLICY of
> >opt-in security. I'm advocating a POLICY of opt-out.
>
> No, you are attempting to eliminate the policy of opt-out.
>

No I am not.  Insecured HTTP is here to stay.  I have not proposed
otherwise.

But as usual, you miss the point.

The point is that you called me out for advocating policy, and that is
fine.  I just want you to realize you are advocating policy as well - you
believe a POLICY that http should be unencrypted.  So much for your "tools
not policies" silliness.


>
> Today privacy or not is a policy decision in the hands of content
> writers who get to choose if they write "http://" or "https://" in
> their links.
>

> You want to take that policy choice away from them, by changing
> the semantics of "http://" under their feet.
>

HTTP does its versioning under the hood.  Upgrading from HTTP/1 to HTTP/1.1
is not under control of the content writer and never has been.  It's up to
the control of the server administrator.  The exact same thing is true for
HTTP/2.


> If you start deploying a main-stream browser now, which heuristically
> attempts HTTPS when it sees "http://", you're going to kill so many
> sites performance that you will become the most hated man on the web.
>

Already exists, dude, and its faster :-)   But I seriously doubt I'll ever
take that title away from you.

This will be my last reply.

Mike







>
> And remember:  We don't deliver policies, we deliver tools.
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>