W3C home > Mailing lists > Public > www-tag@w3.org > January 2015

Re: Draft finding - "Transitioning the Web to HTTPS"

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 19 Jan 2015 22:37:38 +0100
Message-ID: <54BD7922.1010802@gmx.de>
To: Paul Libbrecht <paul@hoplahup.net>, Anne van Kesteren <annevk@annevk.nl>
CC: "Henry S. Thompson" <ht@inf.ed.ac.uk>, Mark Nottingham <mnot@mnot.net>, Henri Sivonen <hsivonen@hsivonen.fi>, Chris Palmer <palmer@google.com>, Noah Mendelsohn <nrm@arcanedomain.com>, "Michael[tm] Smith" <mike@w3.org>, Tim Berners-Lee <timbl@w3.org>, Public TAG List <www-tag@w3.org>
On 2015-01-19 13:51, Paul Libbrecht wrote:
> ...
> Please stop saying we are steadily under attack. We are not.

My understanding is that yes, indeed, we are: 
<http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa>

> And in many many many cases in common use on the web, we do not care if
> we would be.

Yes, in many cases. In many other cases, we however do.

I'm also not a fan of the "everything must be encrypted *and* 
authenticated" approach, when "encrypt as much as you can" would solve 
many of these problems as well, without introducing these other problems 
we've been discussing here. But pretending that there is no problem that 
needs to be solved doesn't help either.

Best regards, Julian
Received on Monday, 19 January 2015 21:38:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:09 UTC