[Cryptography] HTTP should be deprecated.
Theodore Ts'o
tytso at mit.edu
Mon Nov 4 19:58:03 EST 2013
On Mon, Nov 04, 2013 at 02:01:15PM -0500, Eric Mill wrote:
>
> But I'm also very pro-"it should be easy to publish things on the
> Internet", and key management *is* a pain in the ass. Requiring it
> Internet-wide would raise the barrier for people new to web publishing to
> get started, and/or make more people just use a *.wordpress.com or *.
> whatever.com domain, rather than bother getting their own.
I'm in the anti-"pay CA's for their crappy job" school. So my web
site uses a CACert certificate, which most browsers don't accept,
which is why I default to http. If people want to access my web site
via https, they certainly can --- and that I's how I access it when I
need to send my password to the administrative interface for my site.
I just don't force via a redirect that users use https for thunk.org.
If deprecating http means that I have to pay $$$ to Verisign or
GoDaddy, I'm personally not excited about funding elephant hunters or
a company that is probably deep in the pockets of the US Government.
- Ted
More information about the cryptography
mailing list