- From: Chris Palmer <palmer@google.com>
- Date: Tue, 9 Dec 2014 10:31:38 -0800
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- Cc: "Eric J. Bowman" <eric@bisonsystems.net>, Mark Nottingham <mnot@mnot.net>, "www-tag@w3.org List" <www-tag@w3.org>

On Mon, Dec 8, 2014 at 7:23 PM, Melvin Carvalho <melvincarvalho@gmail.com> wrote:

> IMHO, People prefer utility and convenience over security, in most cases.

...if that is true, perhaps it is because people believe that we engineers are not so insane as to broadcast their passwords, cookies, and email over the airwaves in the clear. But we have historically been that insane.

We've been lying by omission since the web was born. For example, we show no connection error or bad indicator for plaintext, unauthenticated communications. So of course people assume that basic safety is taken care of, and then they look for utility and convenience.

We engineers have a lot of explaining to do. We can't self-justify by claiming to know what people want while keeping them unaware of reality.

> The long tail of innovation among developers requires an easy way to get up
> and running. HTTP provides that, but HTTPS currently does not. It's
> expensive and still in many cases painful to set up and maintain.

Have you tried recently? Amazon EC2 + SSLmate.com is not significantly harder than EC2 alone. Even I can do it.

And, yes, Let's Encrypt will make things better yet (in some ways, it's just SSLmate for $0 instead of $15). Everyone's on board with that.

Received on Tuesday, 9 December 2014 18:32:05 UTC