-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 >Encryption everywhere is good. You mean Evers public information should be encrypted? I.e. Radio vor TV? Can't see the "feature", sorry... >Once a connection is encrypted and certificate-protectedhole class > >of worries can be removed from the threat models; having fewer things >to >worry about is great when designing protocol stacks. This is correct by theory in many, but not all cases and not in practice. A https geht takes up to multiple times of energy and computing resources. I prefer efficiency even in protocols - resources should be user for real (not only theoretic) added value. Browser HTTP-SSL/TLS isn't "just encrypt and forget" as long as you really unterstand the whole infrastruture and setup in practice including their implications today - and not in theory only. This is not like and comparable with the migration from telnet to SSH and even not with SMTP TLS/SSL... And getting a faked x509 i.e. for mitm is more a question of some money and/or third party CA securitiy and not at first of secure crypto algos or similiar. And blocking plaintext http is no feature - it is at max a lack of... Sorry... best regards, Niels. - --- Niels Dettenbach Syndicat IT & Internet http://www.syndicat.com -----BEGIN PGP SIGNATURE----- iQJZBAEBCABDPBxOaWVscyBEZXR0ZW5iYWNoIChTeW5kaWNhdCBJVCAmIEludGVy bmV0KSA8bmRAc3luZGljYXQuY29tPgUCVWzMLwAKCRANu1qIRZIqRBm5D/43u9NJ Ex2CxQwIXUcuPaPEr/2geCTgGgRBnUb46fzVwf5OlPnQqA+urr1EajpY3XRdWF5r jmqnfS/ESYL4q3DV3CC8mW1a4uZWQX85+2fvCra8/nzyKP653jAZvSuqGZAnzGuq ZDM33932y5GKcPLl86C7WG/QqZ7Yb6SPukTUnDY5z0DcbyBIgqAwF0D3N5P7dk49 iaZY31z1F7rI1PvPS874sH4NVnSUh1N8OakRy5tCtQn4WVlaN1WBu+bzzCmsudgw Oh7o/BWKFGzDTNGpfsyqmzcepHsmoAPcCtbrQOadX2HFxjqzB+NJwwSLSn9koQlH xnDhDkx0avolGa3nciubPTSJkAp1wFXj9e0zeJX8dGTOjzyJTDrDxNnYkszTnSS/ X0HnoDo3Uo638Ho9sAcweZJ3XNibNNn5ekdU9kd/rBAIHaWG1m4zshMglupJPyst u0fvqBJi8AXznQ2Qv27CwjNWQSV37NFZcrkzg22f4GB43MJ1+utgTvEX2ft7uhrz HJug38x8BH0vrLXpcvlKA2f6SaOCfIhCoqv4+SLVHQLE7IoG2ZxdoY4795ORGHFc NsyfMB1ah52E3/pZjS1NhFhr4ndUQg5jp0eaLF5XhteRS2Zlw8wmYlP2qicpe3T2 S4tO7+56PhnsZQhB8GnDZMnPN9HgD9KsMNEWGg== =5dba -----END PGP SIGNATURE-----