Re: The ability to automatically upgrade a reference to HTTPS from HTTP

Heh. This just came up on HN

On Tue, Aug 26, 2014 at 9:20 AM, Marc Fawzi <> wrote:

> Very interesting thoughts, and relevant. The web as it stands right now is
> the greatest surveillance mechanism, and granted that nothing can be secure
> against state actors, there still need to be an attempt to analyze the
> current weaknesses (any org can be a CA and any CA can be coerced) and find
> some alternative. Worrying about the web breaking due to the move to https
> is a legitimate and practical concern but it's dwarfed by the actualized
> concern that https has evolved into a selective surveillance mechanism. A
> false sense of security is worse than no security, especially if you
> consider that criminal orgs could get in the game. The cat is out of the
> bag.
> If anyone has any idea, what are the potential solutions?
> On Tue, Aug 26, 2014 at 9:05 AM, adasal <> wrote:
>> On 26 August 2014 15:29, <> wrote:
>>> I’m not sure i understand *why* https should be required everywhere,
>>> since risk management should take into account the value of what is at risk
>>> versus the costs but that is a different discussion.
>> Nor I.
>> If it is an overreaction then that overreaction can be analysed.
>> Typically it is said that overreactions are default positions held on to in
>> the face of some *imagined* anxieties.
>> And that they hide what the anxiety really is.
>> I think the real anxiety, in this context, is about identity and data
>> ownership, problems that universal adoption of https obscure rather than
>> alleviate.
>> The problems of identity and data ownership are not ubiquitous and
>> universally present.
>> They need case by case solutions.
>> But the sense of a threat in that area is a sense of a universal threat,
>> which really comes from how capitalism is working out in this area. By
>> which I mean a scrabble to own, access or mediate data by large players
>> makes it seem as if data must be owned, accessed or mediated enmass. Hence
>> the sense of universal threat.
>> Adam Saltiel

Received on Thursday, 28 August 2014 13:34:55 UTC