On Tue, Jun 2, 2015 at 12:59 PM, Joe Touch <touch(_at_)isi(_dot_)edu> wrote:
On 6/1/2015 10:16 AM, Richard Barnes wrote:
Do it. Do it boldly and fearlessly. Make the statement and implement
it.
...
Don't be tied to legacy. Anything that doesn't support HTTPS at this
point needs to upgrade and deserves to be broken.
Leaving out the have-nots - or those whose access is blocked by others
when content cannot be scanned - isn't moving forward.
[citation-required]
Where is this place where the entire HTTPS web is not accessible? How do
they do their banking, or buy things?
That said, though, I agree with you and Ted that there's consensus to
proceed with *adding* HTTPS-based access. Let's turn on HTTPS and HSTS as
a first step, see how many 9s of the user base that gets us.
--Richard
HTTP isn't legacy. It's open. I thought the IETF was too.
Joe
PS - I noticed you didn't PGP-sign this post. Hello, pot.
(ref: http://en.wikipedia.org/wiki/The_pot_calling_the_kettle_black)