[ALUG] Mozilla will obsolete HTTP
Tim Schofield
tim.schofield1960 at gmail.com
Mon May 4 20:04:06 EAT 2015
Hi Miku, I would just like to emphasise that I am not in any way
against security, and the more that smart guys such as yourself and
Andreas can do to educate people on it then the better as far as I am
concerned.
What I am against is Mozilla/Google et al forcing that on people
rather than educating them. It goes against everything I believe the
web should stand for.
Tim
On 4 May 2015 at 17:15, Miku, E. Cornelius via Linux
<linux at lists.habari.co.tz> wrote:
> Interesting discussion, good going guys.
>
> I think Security is as much technical as it is political.
>
> The main discussion here is Securing HTTP traffic, and from my technical
> point of view the best way to do that is from the source(server side), that
> means it's a web/host master's job.
>
> But what if this person doesn't really know what they are doing? Let's agree
> of the qualities the Internet should have Safety[1] is a major one. And for
> it to prosper there must standards and a way to make sure they are followed.
>
> Mozilla's and Google's approach is similar to how email currently operates.
> The postmaster(who knows what they're doing) can easily control/force users
> to use SSL/TLS OR set parameters to delay/reject/etc emails from
> misconfigured servers. But with HTTP the only way of forcing the webmaster's
> hand is from the client(the browser).
> As long as the standards these browsers are enforcing are the same standards
> developed by the Internet community through public consensus.
>
> [1] The Safety in mind here is the kind of safety that not anyone you pissed
> off can Google a tutorial and easily compromise your security/privacy, or
> any kid who knows how to use Wireshark can end up causing some serious
> damage. So at least for me I see what they are trying to do is a good start.
> Safety from Governments and these 3-letter Agencies(as Richard call them)
> that have backdoors in OpenSSL and run CAs all over the World will remain
> political and a fight for another day, if they want to compromise your
> privacy they can and will do it regardless. In other words you're (as Alan
> put it)screwed.
>
> PS. I see there's a lot of interest on this subject may be we should put it
> in schedule of future discussions(meets) and may be Andreas and myself will
> talk about security/encryption/cryptography before it.
>
> Cheers,
>
> --
> Miku
>
>
> _______________________________________________
> The Arusha Linux User Group: http://unix.or.tz
> Linux mailing list
> Linux at lists.habari.co.tz
> http://lists.habari.co.tz/cgi-bin/mailman/listinfo/linux
>
> The Arusha LUG mailing list is generously hosted by Habari Node Ltd:
> http://www.habari.co.tz/
>
> The above comments and data are owned by whoever posted them (including
> attachments if any). The mailing list host is not responsible for them in
> any way.
--
Course View Towers,
Plot 21 Yusuf Lule Road,
Kampala
T +256 (0) 312 314 418
M +256 (0) 752 963 325
www.weberpafrica.com
Twitter: @TimSchofield2
Blog: http://weberpafrica.blogspot.co.uk/
More information about the Linux
mailing list