I agree HTTPS makes information safer and protects it¹s integrity, making it (once again) safer. However; 1) are the benefits worth the millions of man-hours, and countless dollars this will cost? 2) why is Mozilla suddenly everyone¹s nanny?
- Shawn On 5/1/15, 2:44 PM, "Joseph Lorenzo Hall" <j...@cdt.org> wrote: >On Fri, May 1, 2015 at 2:37 PM, Patrick McManus <pmcma...@mozilla.com> >wrote: >> It is afterall likely stored in cleartext on each computer. This is an >> important distinction no matter the nature of the content because >>Firefox, >> as the User's Agent, has a strong interest in the user seeing the >>content >> she asked for and protecting her confidentiality (as best as is >>possible) >> while doing the asking.Those are properties transport security gives >>you. >> Sadly, both of those fundamental properties of transport are routinely >> broken to the user's detriment, when http:// is used. > >Yes, I'll add something Patrick knows very well, but just to hammer it >home: HTTPS as transport protection isn't just about confidentiality >but integrity of the transport. > >So, even if those of you out there are saying "The web doesn't have >much private stuff! jeez!" the web sure has a lot of stuff that is >highly dynamic with javascript and other active content. That stuff >needs be protected in transit lest the Great Cannon or any number of >user-hostile crap on the net start owning your UAs, even if you don't >think the content need be private. > >best, Joe > >-- >Joseph Lorenzo Hall >Chief Technologist >Center for Democracy & Technology >1634 I ST NW STE 1100 >Washington DC 20006-4011 >(p) 202-407-8825 >(f) 202-637-0968 >j...@cdt.org >PGP: https://josephhall.org/gpg-key >fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871 _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
