- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Thu, 3 Dec 2015 17:20:39 +0000
- To: ietf-http-wg@w3.org, Mike Belshe <mike@belshe.com>
- Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Amos Jeffries <squid3@treenet.co.nz>
On 03/12/15 17:08, Willy Tarreau wrote: > The rule used to be pretty simple : if you don't want others to sniff you, > use SSL. Now since you don't offer that choice to users, it's "hey too bad > for you if someone sniffs you". > > And I agree it's not HTTP/2 nor SPDY, it's the general trend towards SSL > everywhere that some companies are pushing hard, probably in part more to > try to protect the ad space they sell than to protect end users' privacy, > but that's my personal guess only and I could be wrong. For me, the blame here is squarely on the despotic regime. One can argue that folks acting from good motives achieving more use of crypto (such as me, not a company:-) might lead despots to react in that way, (but that is not what I think you're saying), but even so I guess the regime in question were likely already spying on as much as they could so what has changed is that that is now being forced into the open. (At which point I hope other mechanisms can help counter the attack.) S. > > Cheers, > Willy > > >
Received on Thursday, 3 December 2015 17:21:11 UTC