0 Members and 1 Guest are viewing this topic.
i don't understand why people think that a low, even non-existent, probability of being spied on warrants the dismissal of security altogether, especially if it doesn't/hardly inconveniences the end-user.
Quote from: t4 on October 23, 2015, 07:38:53 PMi don't understand why people think that a low, even non-existent, probability of being spied on warrants the dismissal of security altogether, especially if it doesn't/hardly inconveniences the end-user.yeah, because having https be a default, even though optional, feature, instead of being mandatory, is the same thing as a complete dismissal of security
Quote from: Davidi2 on October 23, 2015, 07:52:42 PMQuote from: t4 on October 23, 2015, 07:38:53 PMi don't understand why people think that a low, even non-existent, probability of being spied on warrants the dismissal of security altogether, especially if it doesn't/hardly inconveniences the end-user.yeah, because having https be a default, even though optional, feature, instead of being mandatory, is the same thing as a complete dismissal of security So you're suggesting that it should be up to the user to enable secure transmissions?
I thought HTTP 2.0 mandated that SSL be enforced.
For anyone wanting it to be optional I'd ask this honest question, and I really do want an answer:Why?I see absolutely no reason for any website to offer http instead https anymore, as far as I can tell there aren't any downsides, and there are a bunch of upsides. For example HTTP/2, Brotli compression, and probably all new features in the future will only be supported over https anyhow.
No one has an answer to that question because there is no valid answer. These people start with a shitty argument, maybe re-state the shitty argument a bit, make some jokes and/or personal attacks, and then just stop posting. I really don't understand their thought process.. maybe it's government brainwashing??
Also, I don't think the content of the data has any bearing of whether or not to implement and enforce security.
the reason for enforcement is that there's no reason for *any* website to support unencrypted comms in 2015.