On Tue, Sep 27, 2011 at 17:08, Jimmy Hess <mysidia@gmail.com> wrote:
That is, HTTPs should become assumed.
As much as that would be wonderful from a security standpoint, IMO it's not realistic to expect every mom-and-pop posting a personal Web site to pay extra for a static/dedicated IP address from their hosting company (even if IPv6 were widely deployed, Web hosts probably would charge extra for this just on principle), and to pay extra for an SSL certificate, even a "weak" one that only verifies the domain name. If a given Web site's developers think their content is "important" (however they define the term), they certainly can add SSL to the site; in the grand scheme of things the cost is pretty small. But assuming everyone can/should do this is probably a step too far. That said, there's nothing wrong with browser extensions that try HTTPS first, and I'd wager that sooner or later one of the big browsers will make that a built-in option. David Smith MVN.net