On Tuesday, 15 November 2016 09:35:17 UTC, Jakob Bohm wrote: > The HTTPS-everywhere tendency, including the plans of some people to > completely remove unencrypted HTTP from implementations, makes it > necessary for non-public stuff connected to the Internet to get > Internet-compatible TLS certificates. > That happens to be the same as the WebPKI
No. You mistake a convenience for a necessity. It is certainly _convenient_ if everything in the world trusts your claim of identity without any action but it's not _necessary_ that it must be so. If you want this convenience, you must pay us the courtesy of being open and honest. If you would rather not, too bad we don't trust you. Let me be more specific: I don't trust you. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy