Hacker News new | past | comments | ask | show | jobs | submit login

So the argument is https has too much overhead and excludes those who cant use updated browsers? Unless I missed it, the article doesn't discuss mitm, nonrepudiation or censorship/privacy concerns.



If you want to update/browse with Windows2000 i don't think privacy/security are a concern.


If you want to update/browse with Windows 2000, then you should set up a local TLS terminating proxy for it, rather than asking the rest of the world to decrease their security for you.


>rather than asking the rest of the world to decrease their security for you.

Or just let your browser decide that for you? All modern browser go directly https, until forced to http, why take away what i decided (server-side)?


It gives a few examples of use cases where protection against these are not necessary. This is one of my pet peeves too and I agree with the author. Though if you want google to list and rank you, you have to have it. (This might have changed. Google doesn't do anything for long.)

As a side effect of the push for https, local web log analysis is basically worthless nowadays. This might be why google pushed it so heavily.


I also do not understand which users anywhere using the internet wouldn't have access to an https capable browser?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: