TLS et vie privée

TLS does not provide privacy. What it does is disable anonymous access to ensure authority. It changes access patterns away from decentralized caching to more centralized authority control. That is the opposite of privacy. TLS is desirable for access to account-based services wherein anonymity is not a concern (and usually not even allowed). TLS is NOT desirable for access to public information, except in that it provides an ephemeral form of message integrity that is a weak replacement for content integrity.


TLS everywhere is great for large companies with a financial stake in Internet centralization. It is even better for those providing identity services and TLS-outsourcing via CDNs. It’s a shame that the IETF has been abused in this way to promote a campaign that will effectively end anonymous access, under the guise of promoting privacy.

Re: Proposed Statement on "HTTPS everywhere for the IETF" (cache)

Roy T. Fielding nous rappelle le principal danger de TLS et de « SSL partout » : la centralisation des autorités de certification. Et par extension du Web.

Réponse d’Éric D. le lendemain.