W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2014

Re: Proposal: Marking HTTP As Non-Secure

From: Michael Martinez <michael.martinez@xenite.org>
Date: Fri, 19 Dec 2014 22:32:37 -0500
Message-ID: <5494EDD5.4010209@xenite.org>
To: public-webappsec@w3.org, blink-dev@chromium.org, security-dev@chromium.org, dev-security@lists.mozilla.org, mozilla-dev-security@lists.mozilla.org
On 12/19/2014 8:33 PM, Donald Stufft wrote:
> So how is marking some Websites as "non-secure" (they all are) improving the situation?  Shaming Website owners for not using encrypted connections, especially when your only concern is that you don't want some random stranger to see that you are reading a blog, is not acceptable.
> I think you’re fundamentally confused, I do not believe that anyone who is making this proposal is trying to force site operators to use HTTPS.

Then I suggest you go back and reread the other posts from people who 
have said exactly that.

It is precisely this kind of inattention to what is actually being said 
that keeps resetting this conversation.

I am very ill right now and I don't have the energy for further 
discussion.  I hope that the people who need to consider these things 
see past the needless nit-pickery and think about the big picture.  You 
won't be able to undo the damage this proposal will do, if it is carried 
out, even if that turns out to be less than some of us fear.

Michael Martinez

Received on Saturday, 20 December 2014 03:33:08 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:44 UTC