On 2015-04-15 10:03 AM, commodorej...@gmail.com wrote:
On Wednesday, April 15, 2015 at 6:56:48 AM UTC-7, Joseph Lorenzo Hall wrote:
If you're addicted to cleartrext, the future is going to be hard for you...
Only because people like you insist on trying to push it across-the-board,
rather than let webmasters make their own decisions.
Webmasters are already restricted in how they can run their services in
many ways, some standards-based, some inherent to the web as we find it
in the wild.
For what it's worth I think that the fact that it is (at present) way
more difficult to obtain, install, and update a certificate for a web
server than it is to obtain, install and update a web server means that
_mandating_ HTTPS would represent a real barrier to participation in a
free and open Web.
Having said that, "deprecated" clearly doesn't mean "prohibited", and
the Let's Encrypt's "How It Works" page suggests that setting up a cert
won't be all that difficult in the near future. So, while you may be
right that the benefits here seem to be all client side and the up-front
costs seem to be all server-side, it looks like work is well underway to
reduce server-side costs to almost nothing. Moving from "TLS if the
server wants to" to "TLS is what the client expects" is a meaningful
change in incentive structure underneath web security, and sounds like
the right thing to me.
- mhoye
* https://letsencrypt.org/howitworks/
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
