- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sun, 17 Nov 2013 22:56:58 +0000
- To: Willy Tarreau <w@1wt.eu>
- cc: HTTP Working Group <ietf-http-wg@w3.org>
In message <20131117225103.GC18577@1wt.eu>, Willy Tarreau writes: >Note I'm not talking about sites, but more the rare use cases where >we currentl expect a self-signed cert to be OK (basically your WiFi >router's setup page, or for developers to test HTTP/2 without having >to request a cert for each host:port combination they work on). Those are also "sites" in the sense that somebody has to write the HTTP server and the HTML. No, let us stick with "http://" and "https://", people have a hard enough time to understand and deploy those two correctly, adding another will not help. >> At least 50% of the pervassive surveillance problem is software we >> cannot trust on the client side. > >I dont think it's that high if we're talking about surveillance. One word: Smartphones. Between Microsoft, Apple and Google/Android, I doubt it is as low as 50%. (I'm assuming we're not just talking NSA here ?) -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Sunday, 17 November 2013 22:57:20 UTC