W3C home > Mailing lists > Public > www-tag@w3.org > January 2015

Re: Draft finding - "Transitioning the Web to HTTPS"

From: Chris Palmer <palmer@google.com>
Date: Tue, 13 Jan 2015 10:59:48 -0800
Message-ID: <CAOuvq200RDdoAAcm4MghnJGt_Y39EDf3=2=8F17_WMF7ppAfqg@mail.gmail.com>
To: Noah Mendelsohn <nrm@arcanedomain.com>
Cc: "Michael[tm] Smith" <mike@w3.org>, Mark Nottingham <mnot@mnot.net>, Henri Sivonen <hsivonen@hsivonen.fi>, Tim Berners-Lee <timbl@w3.org>, Public TAG List <www-tag@w3.org>
On Tue, Jan 13, 2015 at 8:26 AM, Noah Mendelsohn <nrm@arcanedomain.com> wrote:

> [1] http://www.w3.org/DesignIssues/NoSnooping.html

"""This takes a lot of server CPU cycles, making server farms more
expensive. It would slow the user's computer. It would effectively
slow down the whole net."""

That was not true in 2009, and it's certainly not true now.

"""It also prevents the use of HTTP proxies, which currently help the
efficiency of web access."""

As discussed earlier in this thread, HTTPS requires clients to
knowingly opt in to caching, transforming, or spying proxies. But such
proxies are still possible. HTTPS makes them prove some value.

Overall, TBL seems to be saying that people shouldn't spy on the net,
so that we can enjoy many social goods. Among those goods, he seems to
place the ability to not have to adopt HTTPS. Unfortunately, we don't
like in so innocent a world, and HTTPS is the bare minimum protection
against tampering and spying.
Received on Tuesday, 13 January 2015 19:00:18 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:09 UTC