
Re: Marking HTTP As Non-Secure

From: Michael Martinez <michael.martinez@xenite.org>
Date: Thu, 18 Dec 2014 10:01:09 -0500
Message-ID: <5492EC35.80706@xenite.org>
To: public-webappsec@w3.org
> On Wed, Dec 17, 2014 at 11:42 AM, Patrick Kolodziejczyk
> <patrick.kolodziejczyk@viseo.com> wrote:
> > Help people to know when they send private data and to who.
> That’s exactly why HTTPS is needed. Over HTTP there is no way of
> knowing who you’re talking to.

HTTPS is completely useless.  Not only has it failed to prevent massive 
man-in-the-middle attacks against Google and other large "secure" 
service providers this year, it doesn't do anything to protect users' 
data from hacking.  And why should a Website that doesn't require anyone 
to be logged in have to use HTTPS?  You want every innocent blog to be
marked as "unsafe" just because it doesn't use HTTPS?  That is 
completely stupid.

The specifications for turning any smart phone into a rogue wifi hotspot 
have been loose on the Internet for a long time now.  Every coffee shop 
and restaurant you walk into can be used as a front by anyone who wants 
to collect user login and password information by setting up a second 
connection point with a name that resembles the official in-house network.

HTTPS can't stop that and making it more inconvenient for people to 
access the Web is not helping them in any way.

Let Google's Chrome team hang themselves with stupidity.  Other browser 
vendors do not and should not be following in the footsteps of this 
completely brainless agenda.

Michael Martinez

Received on Thursday, 18 December 2014 16:25:23 UTC
