Re: The ability to automatically upgrade a reference to HTTPS from HTTP

On 26 August 2014 15:29, <frederick.hirsch@nokia.com> wrote:

> I’m not sure i understand *why* https should be required everywhere, since
> risk management should take into account the value of what is at risk
> versus the costs but that is a different discussion.


Nor I.
If it is an overreaction then that overreaction can be analysed. Typically
it is said that overreactions are default positions held on to in the face
of some *imagined* anxieties.
And that they hide what the anxiety really is.
I think the real anxiety, in this context, is about identity and data
ownership, problems that universal adoption of https obscure rather than
alleviate.
The problems of identity and data ownership are not ubiquitous and
universally present.
They need case by case solutions.
But the sense of a threat in that area is a sense of a universal threat,
which really comes from how capitalism is working out in this area. By
which I mean a scrabble to own, access or mediate data by large players
makes it seem as if data must be owned, accessed or mediated enmass. Hence
the sense of universal threat.

Adam Saltiel

Received on Tuesday, 26 August 2014 16:06:18 UTC