|
|
|
|
|
|
by jtheory
1960 days ago
|
|
|
100% yes. It's also about the entire internet & its users, not just threat models on specific sites. We can't ask the general public to consider threat models and evaluate what sites should need HTTPS or just HTTP. General, non-technical intuition is basically useless for this eval; it's not a good path. It's much smarter to just make HTTPS the default, make it easy & free for any site to provide it, and then let browsers show big warnings for any site that's not secured. (Browsers are moving this way already) |
|
|