On Tue, Jun 2, 2015 at 12:59 PM, Joe Touch <touch@xxxxxxx> wrote:
On 6/1/2015 10:16 AM, Richard Barnes wrote:
> Do it. Do it boldly and fearlessly. Make the statement and implement it.
>
...
> Don't be tied to legacy. Anything that doesn't support HTTPS at this
> point needs to upgrade and deserves to be broken.
Leaving out the have-nots - or those whose access is blocked by others
when content cannot be scanned - isn't moving forward.
[citation-required]
Where is this place where the entire HTTPS web is not accessible? How do they do their banking, or buy things?
That said, though, I agree with you and Ted that there's consensus to proceed with *adding* HTTPS-based access. Let's turn on HTTPS and HSTS as a first step, see how many 9s of the user base that gets us.
--Richard
HTTP isn't legacy. It's open. I thought the IETF was too.
Joe
PS - I noticed you didn't PGP-sign this post. Hello, pot.
(ref: http://en.wikipedia.org/wiki/The_pot_calling_the_kettle_black)