[Cryptography] HTTP should be deprecated.
Lodewijk andré de la porte
l at odewijk.nl
Tue Nov 12 04:12:12 EST 2013
On Nov 12, 2013 2:03 AM, "Patrick Mylund Nielsen" <
cryptography at patrickmylund.com> wrote:
> On Mon, Nov 11, 2013 at 7:45 PM, Lodewijk andré de la porte <l at odewijk.nl>
wrote:
>>
>
> I think you missed John's point, which was that, while the information
may be something that is readily accessible to all, the fact that YOU are
accessing it is interesting information. And that's true, but somebody is
going to get that information whether or not the channel is encrypted.
>
>>
>> Think of the caching disadvantages!
>
>
> Which? It's very easy to cache stuff when HTTPS is used, either
server-side or client-side (Cache-Control header.) It's just a transport.
ISPs are suggested to cache common files. The requests can be dealt with
locally, on the same network. Of course it requires static files but it
gives you a free CDN!
(Note it saves an ISP money to employ caches, that's why you can trust them
to do it. (Except when they have pairing agreements with the
destination...))
>
> The fact that the CA model is a mess and browsers depend on it is a much
bigger disadvantage.
But that can be solved and HTTPS upgraded. A solution that works "usually"
is better than one that doesn't exist.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131112/67daade5/attachment.html>
More information about the cryptography
mailing list