> It is not "completely useless" or a "theoretical attack vector". This literally happens in the wild. There were reports of Comcast and ISPs in India MITM'ing traffic injecting ads into their their customers' tcp streams a couple of years ago.
In this case people can freely use the HTTPS version. What we argue is stop doing automatic redirects effectively rendering the whole content inaccessible in case of certificate issues - and this a massive problem, affecting much more websites than hijacking traffic by some ISP some years ago. And you can be sure ISPs will be doing less of it as most sites are on HTTPS now. What we are asking is not to kill plain old HTTP for those who want and need to use it.
In this case people can freely use the HTTPS version. What we argue is stop doing automatic redirects effectively rendering the whole content inaccessible in case of certificate issues - and this a massive problem, affecting much more websites than hijacking traffic by some ISP some years ago. And you can be sure ISPs will be doing less of it as most sites are on HTTPS now. What we are asking is not to kill plain old HTTP for those who want and need to use it.