On Wed, Apr 15, 2015 at 10:03 AM, <commodorej...@gmail.com> wrote: > rather than let webmasters make their own decisions.
I firmly disagree with your conclusion, but I think you have identified the central property that is changing. Traditionally transport security has been a unilateral decision of the content provider. Consumers could take it or leave it as content providers tried to guess what content was sensitive and what was not. They could never really know, of course. The contents of a public library are not private - but my reading history may or may not be. An indexed open source repository is not private - but my searching for symbols involved in a security bug may be. The content provider can't know apriori and even if they do may not share the interests of the consumer. The decision is being made by the wrong party. The HTTPS web says that data consumers have the right to (at least transport) confidentiality and data integrity all of the time, regardless of the content. It is the act of consumption that needs to be protected as we go through our day to day Internet lives. HTTPS is certainly not perfect at doing this, but its the best thing we've got. So yes, this is a consumer-first, rather than provider-first, policy. -Patrick _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
