[[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> It says to support HTTPS properly and *securely*. The current variant > is not secure, it is vulnerable to SSL Stripping attacks. That's why > HSTS was invented in the first place. I don't know what you are talking about. > Leaving the HTTP default open means people's access credentials can be > stolen by an active attacker - even if they think they're using https > because of the misleading option at the login screen. I don't understand those words. I can only say that the conclusion, "Security requres discontinuing support for HTTP," is an extraordinary claim and requires extraordinary proof. I am extremely skeptical. -- Dr Richard Stallman President, Free Software Foundation (gnu.org, fsf.org) Internet Hall-of-Famer (internethalloffame.org) Skype: No way! See stallman.org/skype.html.
