On Sep 27, 2014, at 3:02 AM, Anne van Kesteren <ann...@annevk.nl> wrote:
> On Fri, Sep 26, 2014 at 11:06 PM, Richard Barnes <rbar...@mozilla.com> wrote: >> It is not our job to break the HTTP-schemed web to force everyone to HTTPS. > > It is for features where it matters for end users. > > >> Users and web sites have been using geolocation on unauthenticated origins >> for several years now without major implications. > > Citation needed. > > >> It's no more dangerous than me typing my address into a form. > > Those forms should also be behind TLS. But obviously forcing that is > far less practical than taking steps with geolocation. Are you making an argument more subtle than "everything should be HTTPS, so we should make HTTP less functional"? I don't disagree that things should be HTTPS, but breaking the HTTP-schemed web is not the way to get there. That's like Verizon trying to get people to use their favorite video streaming site by slowing down all the others. Since the major barrier to HTTPS deployment is the difficulty of deploying and maintaining it, the better strategy is to make HTTPS simpler to deploy. Some of the hosting providers have been making good progress on this front. --Richard > > > -- > https://annevankesteren.nl/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
