On Mon, Sep 15, 2014 at 10:24 AM, Daniel Stenberg <dan...@haxx.se> wrote: > Shouldn't we strive to make the user experience better for all > users, even those accessing HTTP sites?
Well, the question is whether we want HTTP in the end. E.g. we are opting to not enable new powerful features such as service workers on them, and we also want the whole web to work offline (in theory). > In a world with millions and billions of printers, fridges, TVs, settop > boxes, elevators, nannycams or whatever all using embedded web servers - the > amount of certificate handling for all those devices to run and use fully > authenticated HTTPS is enough to prevent a large amount of those to just not > go there. With opp-sec we could still up the level and make pervasive > monitoring of a lot of such network connections much more expensive. It seems very bad if those kind of devices won't use authenticated connections in the end. Which makes me wonder, is there some activity at Mozilla for looking into an alternative to the CA model? -- http://annevankesteren.nl/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
