On Fri, May 1, 2015 at 2:37 PM, Patrick McManus <pmcma...@mozilla.com> wrote: > It is afterall likely stored in cleartext on each computer. This is an > important distinction no matter the nature of the content because Firefox, > as the User's Agent, has a strong interest in the user seeing the content > she asked for and protecting her confidentiality (as best as is possible) > while doing the asking.Those are properties transport security gives you. > Sadly, both of those fundamental properties of transport are routinely > broken to the user's detriment, when http:// is used.
Yes, I'll add something Patrick knows very well, but just to hammer it home: HTTPS as transport protection isn't just about confidentiality but integrity of the transport. So, even if those of you out there are saying "The web doesn't have much private stuff! jeez!" the web sure has a lot of stuff that is highly dynamic with javascript and other active content. That stuff needs be protected in transit lest the Great Cannon or any number of user-hostile crap on the net start owning your UAs, even if you don't think the content need be private. best, Joe -- Joseph Lorenzo Hall Chief Technologist Center for Democracy & Technology 1634 I ST NW STE 1100 Washington DC 20006-4011 (p) 202-407-8825 (f) 202-637-0968 j...@cdt.org PGP: https://josephhall.org/gpg-key fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
