[Cryptography] HTTP should be deprecated.

Eric Mill eric at konklone.com
Tue Nov 12 00:25:22 EST 2013 

A few things are pretty clear:

* Whether or not everything should be HTTPS, clearly more should be.
* HTTPS has lots of problems and doesn't solve everything.
* HTTPS breaks some kinds of caching, and doesn't affect others.
* CDNs charge waaayyyy more to serve your data as HTTPS. This affects the
behavior of institutions that use CDNs.
* Google and others are backing SPDY as the next HTTP 2.0, which would have
TLS on for all traffic. Google cares about performance and efficiency more
than anyone else on the Web, and they think TLS is just fine. SPDY/HTTP2 is
built to extend the Web with lots of different performance gains.

HTTP2 being all-TLS would effectively deprecate HTTP in favor of HTTPS. I
think this is where the Web is going, and we should look at whatever
downsides that would cause and start addressing them now.


On Mon, Nov 11, 2013 at 8:03 PM, Patrick Mylund Nielsen <
cryptography at patrickmylund.com> wrote:

> On Mon, Nov 11, 2013 at 7:45 PM, Lodewijk andré de la porte <l at odewijk.nl>wrote:
>
>> I'm sorry, no. There is information that is simply public. To intricately
>> confuse them through our petty plays with numbers would be nothing but
>> waste of time and all the peoples' resources.
>>
>
> I think you missed John's point, which was that, while the information may
> be something that is readily accessible to all, the fact that YOU are
> accessing it is interesting information. And that's true, but somebody is
> going to get that information whether or not the channel is encrypted.
>
>
>> Think of the caching disadvantages!
>>
>
> Which? It's very easy to cache stuff when HTTPS is used, either
> server-side or client-side (Cache-Control header.) It's just a transport.
>
> The fact that the CA model is a mess and browsers depend on it is a much
> bigger disadvantage.
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>



-- 
konklone.com | @konklone <https://twitter.com/konklone>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131112/2bfec197/attachment.html>

More information about the cryptography mailing list