Marking HTTP As Non-Secure from Patrick Kolodziejczyk on 2014-12-17 (public-webappsec@w3.org from December 2014)

From: Patrick Kolodziejczyk <patrick.kolodziejczyk@viseo.com>
Date: Wed, 17 Dec 2014 10:42:12 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <1418812931745.66693@viseo.com>

Hi


Did read your proposal at :

https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure


 I don't like the idea of saying HTTP is not secure, by default.

It's really important that a part of our communication stay not encrypted and not private. Not cause of a technical reason, but for a social one.


If all communications are encrypted, including source of information. It's mean, getting public information can be a problem.

It's like hidding for read a new paper. Yes, if it's a problem to do it, it's better that we make it private stuff. But IF we think it's not a problem and shouldn't be, then we have to make sur it's stay "safe and public".


Plus, the fact that source of information start to adjust there discours in function of there reader. Making it private, make sur that no one will ever verify that.


So don't make HTTP as non-secure. Help people to know when they send private data and to who.


Thanks for reading.


Truly,

Patrick Kolodziejczyk
Ingénieur Conception et Développement
BU technologies - Groupe Viseo
190, rue Garibaldi - 69003 LYON
Tél.  +33 (0)4 72 33 78 30
http://www.viseo.com<http://objetdirect.com/>

Received on Thursday, 18 December 2014 14:20:10 UTC