Re: Fwd (TAG): Draft finding - "Transitioning the Web to HTTPS"

> On Dec 19, 2014, at 13:55 , Nicholas Doty <> wrote:
> On Dec 19, 2014, at 1:25 PM, Eric J. Bowman <> wrote:
>> David Singer wrote:
>>> 4) A discussion of the point from web-sites “look, all my content is
>>> public, I have nothing to hide and hence nothing to secure” maybe
>>> needs addressing?  (“You may not, but you are exposing your
>>> customers/visitors by insisting on plain HTTP.”)
>> Yes. I don't use cookies, so I don't understand what I'm exposing
>> visitors to by stubbornly insisting on HTTP. My site visitors seem to
>> be at greater risk by using their CC's at Sony or Target or...
> It does seem like it would be useful for the TAG finding to explicitly address this point.

Yes, for the site owner, HTTPS appears to have major costs (caching and so on, making sure certs are correct etc.) and little or no benefit (the benefits seem to be for the users). If this is what site operators perceive, we’ll need to address it head-on if we want change.

David Singer
Manager, Software Standards, Apple Inc.

Received on Friday, 19 December 2014 22:41:43 UTC