> On Nov 12, 2014, at 4:35 AM, Anne van Kesteren <ann...@annevk.nl> wrote: > > On Mon, Sep 15, 2014 at 7:56 PM, Adam Roach <a...@mozilla.com> wrote: >> The whole line of argumentation that web browsers and servers should be >> taking advantage of opportunistic encryption is explicitly informed by >> what's actually "happening elsewhere." Because what's *actually* happening >> is an overly-broad dragnet of personal information by a wide variety of both >> private and governmental agencies -- activities that would be prohibitively >> expensive in the face of opportunistic encryption. > > ISPs are doing it already it turns out. Governments getting to ISPs > has already happened. I think continuing to support opportunistic > encryption in Firefox and the IETF is harmful to our mission.
You're missing Adam's point. From the attacker's perspective, opportunistic sessions are indistinguishable from >> Google's laser focus on preventing active attackers to the exclusion of any >> solution that thwarts passive attacks is a prime example of insisting on a >> perfect solution, resulting instead in substantial deployments of nothing. >> They're naïvely hoping that finding just the right carrot will somehow >> result in mass adoption of an approach that people have demonstrated, with >> fourteen years of experience, significant reluctance to deploy universally. > > Where are you getting your data from? > > https://plus.google.com/+IlyaGrigorik/posts/7VSuQ66qA3C shows a very > different view of what's happening. Be careful how you count. Ilya's stats are equivalent to the Firefox HTTP_TRANSACTION_IS_SSL metric [1], which counts things like search box background queries; in particular, it greatly over-samples Google. A more realistic number is HTTP_PAGELOAD_IS_SSL, for which HTTPS adoption is still around 30%. That's consistent with other measures of how many sites out there support HTTPS. --Richard [1] http://telemetry.mozilla.org/#filter=release%2F32%2FHTTP_TRANSACTION_IS_SSL&aggregates=multiselect-all!Submissions&evoOver=Builds&locked=true&sanitize=true&renderhistogram=Graph [2] http://telemetry.mozilla.org/#filter=release%2F32%2FHTTP_PAGELOAD_IS_SSL&aggregates=multiselect-all!Submissions&evoOver=Builds&locked=true&sanitize=true&renderhistogram=Graph > > > -- > https://annevankesteren.nl/ _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
