RE: ReSpec and https

encryption != privacy, and turning on encryption might not actually be helpful.  Besides the obvious latency and bandwidth overhead, it might also be harmful for other reasons.

And for the /TR and publications series, what information is visible with http that cannot be reasonably identified by observing https traffic?

Sure, there are sites that should use HTTPS, but it’s case-by-case.

I’m all for improving privacy, but I think people are misled if they think encryption is always a net improvement.

I don’t think spec-prod is the right place to have this discussion, so I moved spec-prod to bcc.

I went through this on www-tag for a while. Maybe PING?



From: Tim Bray [mailto:tbray@textuality.com]
Sent: Wednesday, August 14, 2013 6:30 PM
To: Ian Jacobs
Cc: shane@aptest.com; Robin Berjon; Tab Atkins, Jr.; spec-prod@w3.org Prod; Dom Hazael-Massieux
Subject: Re: ReSpec and https

Because on the Web everything should be private by default: https://www.tbray.org/ongoing/When/201x/2012/12/02/HTTPS


https: is the correct default choice.  Have you measured the performance impact recently?  It’s generally insignificant compared to all other things that slow down the Web experience.  -T

On Wed, Aug 14, 2013 at 9:23 AM, Ian Jacobs <ij@w3.org> wrote:

On Aug 14, 2013, at 10:35 AM, Shane McCarron <ahby@aptest.com> wrote:

> You are correct.  Pub rules. I will file a bug with them and just hand edit it out in the meantime.

I disagree this is a pubrules bug. Why use https URIs to refer to these images from TR drafts served over http?
Using https URIs has a performance impact both for the server and on the client.

Dom mentioned to me that editors drafts could be handled differently than TR-ready drafts, and that respec might
be improved to generate http uris when the document is ready for publication. Pubrules currently does not have
an editor's draft filter.

Ian


>
> On Aug 14, 2013 10:30 AM, "Robin Berjon" <robin@w3.org> wrote:
> On 14/08/2013 17:04 , Tab Atkins Jr. wrote:
> On Wed, Aug 14, 2013 at 7:44 AM, Shane McCarron <ahby@aptest.com> wrote:
> I noticed today that ReSpec generates https:// for the W3C logo and
> stylesheet.  Is there a reason for this?  The W3C validator complains about
> it.
>
> Likely so you don't get mixed content warnings when viewing things on
> https pages (like the dvcs repo).
>
> Precisely. We tried the option of being smart based on where the draft was generated, but generated drafts get moved around and things break. We tried using // instead but too many people do things like checking drafts from the local file system and got confused (or even just an unpleasant experience).
>
> I doubt the W3C validator complains about this; I presume Shane meant pubrules. That's a bug in pubrules :)
>
> --
> Robin Berjon - http://berjon.com/ - @robinberjon

--
Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs

Tel:                        +1 718 260 9447

Received on Saturday, 17 August 2013 10:10:01 UTC
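
The trade-off discussed in the quoted messages (http, https, or scheme-relative `//` references, viewed from an http page, an https page such as the dvcs repo, or the local file system), as an added example that is not part of the original thread or ReSpec's code. All hosts and paths are constructed placeholders, and `classify` and `matrix` are hypothetical helper names.

```javascript
// Constructed sample values: hosts and paths are placeholders, not real W3C URLs.
const PAGES = {
  published: "http://www.example.org/TR/draft/",            // draft served over http
  repo: "https://dvcs.example.org/hg/draft/Overview.html",  // draft viewed on an https host
  local: "file:///home/editor/draft/Overview.html",         // draft opened from disk
};
const REFS = {
  http: "http://www.example.org/Icons/logo",
  https: "https://www.example.org/Icons/logo",
  schemeRelative: "//www.example.org/Icons/logo",
};

// Resolve a resource reference against the page URL, the way a browser
// resolves src/href, and report what a reader of that page would hit.
function classify(ref, pageUrl) {
  const page = new URL(pageUrl);
  const target = new URL(ref, page);
  // A scheme-relative reference inherits file: from a local page, so the
  // request never goes to the web server and the logo/stylesheet is missing.
  if (target.protocol === "file:") return "broken";
  // An https page pulling an http subresource triggers mixed-content handling.
  if (page.protocol === "https:" && target.protocol === "http:") return "mixed-content";
  return "ok";
}

// Build the full reference-style x hosting-context table.
function matrix() {
  const out = {};
  for (const [refName, ref] of Object.entries(REFS)) {
    out[refName] = {};
    for (const [pageName, pageUrl] of Object.entries(PAGES)) {
      out[refName][pageName] = classify(ref, pageUrl);
    }
  }
  return out;
}

console.table(matrix());
```

Only the absolute https reference is "ok" in all three contexts; the cost of that choice on http-served documents is a separate question that this table does not measure.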