Op maandag 13 april 2015 16:57:58 UTC+2 schreef Richard Barnes: > There's pretty broad agreement that HTTPS is the way forward for the web. > In recent months, there have been statements from IETF [1], IAB [2], W3C > [3], and even the US Government [4] calling for universal use of > encryption, which in the case of the web means HTTPS.
Each organisation has it own reasons to move away from HTTPS. It doesn't mean that each of those reasons are ethical. > In order to encourage web developers to move from HTTP to HTTPS Why ? Large multinationals do not allow HTTPS traffic within their border gateways of their own infrastructure, why make it harder for them? Why give people the impression in the future that because they are using HTTPS they are much safer, but instead the implication are much larger. (no dependability anymore, forced to trust root-CA etc..) Why force hosting companies and webmasters with extra costs ? Do not forget that most used webmaster/webhoster controle panels do not support SNI, and that each HTTPS site has to have it own unique IP address. Here in EUROPE we are still using IPv4 and RIPE can't issue new IPv4 address because they are all gone. So as long that isn't resolved it can't be done. IMHO HTTPS would be safer if no larger companies or governments are involved with issuing the certificates, and the certificates would be free or somehow other wise being compensated. The countries where the people have lesser profiting from HTTPS because human rights are more respected have the means to pay for SSL certificates, but the people who you want to protect don't and even if they would have, they always have a government(s) to deal with. As long you think that ROOT-CA are 100% trustworthy and governments can't manipulate or do a replay attack afterwards, HTTPS is the way to go... until that (and SNI/IPv4) issue are not handled, don't, because it will cause more harm in the long run. Do not get me wrong, the intention is good. But trying to protect humanity from humanity also means to keep in mind the issues surrounding it. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
