W3C home > Mailing lists > Public > semantic-web@w3.org > August 2014

Re: The ability to automatically upgrade a reference to HTTPS from HTTP

From: carmen <_@whats-your.name>
Date: Mon, 25 Aug 2014 19:51:43 +0000
To: semantic-web@w3.org
Message-ID: <20140825195143.GA22850@t5.clearwire-wmx.net>
> whether or not the move to HTTPS is anything more than a knee jerk reaction

even/especially "privacy utopia" github-projects with their undertested code + protocols, attractively-interesting userbase of early-adopter freaks, like HTTPS could fall prey to a sophisticated intelligence-agency with telco-collaborators, hackers who deploy auto-MITM-tooling into auto-delivered software-update bundles, a former best-friend who was bribed by a corporate-espionage type to leave a special phone-charger by the coffee table, mafia thugs w/ a lead-pipe at your door demanding private-keys, or the bored loner who found the next Heartbleed bug before some hot new code-auditing firm. somehow it's garnered enough widespread support from users, companies, browser-vendors that it's mostly just a matter of "flipping it on". in part beacuse of the continued interest of other parties unhappy with SSL, you can find Manu and others talking about Ethereum and Bitcoin and all manner of futuristic possibilities on the web-payments lists and other places

the original web is an example of radical-transparency, and this is trivially-exploitable by anyone, including artists:
Received on Monday, 25 August 2014 19:52:14 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 08:45:38 UTC