| > They are those that disable HTTP. Who's disabling HTTP? > Like it was not enough to make HTTPS default, they need to eradicate the opposition. I think you need to elaborate your world view by many paragraphs before I can understand what you're trying to say. You're against HTTPS? Plain TLS wrapping HTTP? > they profit from root certificates. The (web) root certificate industry has never been weaker than it is today, thanks to free root CAs like LetsEncrypt. > HTTP/1.1 is the fastest, most open, web you'll ever have; because it is small. So run it. Nobody's stopping you. I won't. Aside from firesheep, the fact that you thanks to Snowden we no longer have to be called a conspiracy theorist to believe in Echelon, and with all the webpage ad and bitcoin mining injectors, or just plain DPI middleboxes, I don't think HTTP is a reasonable default. Google used to provide "Conncetion: Close" (with the typo), to work around middle boxes that did shenanigans to headers, but luckily only compared some bad checksum of the header, not string comparison. HTTP/1.1 is open and simple, sure, but it's also being interfered with on a massive scale. Companies out there are selling ad injector boxes to ISPs. They only work on HTTP. You don't have ads on your blog? Well, you do now, for the visitors from some ISPs. Now HTTP/2 and HTTP/3, I see more of your point. Encryption is just table stakes to get a working website, at this point, but nobody's obligated to race to eliminate every RTT. Plain HTTPS is fine. CSS sprites is still (last I checked) a bit faster than individual resources over HTTP/2 or 3. But if I'm making a photo album showing 50 thumbnails at once, then I'm unlikely to use plain simple HTTPS with individual resources. I'd at least have to choose between CSS sprites or HTTP/2/3. It would just make for a poor user experience otherwise. And if you're not making a website for your users, then what is it for? |
Anti-virus software blocks native apps that try to connect on port 80 and you cannot make them open the port even if the setting is available.
I will always use HTTP/1.1 on port 80 but my customers wont be able to connect even if they try, my only option is to tell them to uninstall their anti-virus and hope that works.
To force a certificate that is gate kept by root-certificates and forces you to identify yourself is the largest censorship humanity has had so far: It protects the consumer from those that don't have a root-cert., but hurts a producer that is not complying with the authority.
And HTTP/2 & 3 tries to insert the cert. as a base function meaning you wont even be able to connect without it.
Pseudonymity was always the most important feature of the internet.
Watch them come after TCP and UDP soon: They will say that to use unencrypted protocols you need a license from your government.