It's really gonna suck for the Dave Winer's of the world when they find out that @mozilla is pushing to deprecate insecure HTTP even harder than we are. https://twitter.com/fugueish/status/1006665895601553408 …
-
This Tweet is unavailable.
-
Replying to @slightlylate @mozilla
Does he have a fair point about a lot of innocent older unmaintained sites getting thrown under the bus because there's nobody to pay for a switch to HTTPS?
2 replies 0 retweets 0 likes -
Do they still pay for DNS and hosting?
1 reply 0 retweets 0 likes -
...cause certs are free, thanks to
@letsencrypt!1 reply 0 retweets 0 likes -
Replying to @slightlylate @stshank and
It's important to remember that the web is all rented thanks to DNS. DNS entries cost some money and can be transferred (e.g., when an entry expires and is registered by a different org). When they stop resolving, your site "goes down".
1 reply 0 retweets 3 likes -
Replying to @slightlylate @stshank and
Hosting, likewise, is dynamic. We don't have offline, durable representations of web content. We'll get closer to that with Web Packaging, however, but it also requires certs.
2 replies 0 retweets 3 likes -
Replying to @slightlylate @stshank and
So the argument is "there's 3 things I now need, two of which I have to pay money for and was OK with, and I'm objecting to the addition of a free thing to that list". The transition may cost, ofc.
1 reply 0 retweets 3 likes -
I imagine that the difficulty for some old sites is not the difficulties of obtaining a certificate, it's moving out of autopilot mode. Any change at all is harder than just paying your hosting company every year to keep on keeping on.
2 replies 0 retweets 0 likes -
I agree that there's a cost. It's a cost that we've externalized (as a community) until now. Not being able to actually know who's on the other end of the line is a price that users have borne via malware and other sorts of badness.
3 replies 0 retweets 2 likes -
Replying to @slightlylate @stshank and
I have had an http site MITM'd maybe 5 times in 20 years. I get noxious crap injected by javascript adtech pretty much every day. I know you care about both, but "anti-vaxxers" is not a helpful framing.
1 reply 0 retweets 0 likes
That you know of. I mean, how often did you connect over insecure wifi? Or a terrible (perhaps pwn'd) gateway?
-
-
Replying to @slightlylate @stshank and
How about extending subresource integrity to <a> and <img> links? Mitigate the http issue that way?
1 reply 0 retweets 0 likes -
Replying to @kevinmarks @stshank and
How does that help if the top-level document can also be MITM'd?
1 reply 0 retweets 0 likes - 9 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.