Comment by IgorPartola
11 years ago
I am not quite sure what you are saying. Is it that it is in fact better to allow HTTP to exist vs providing HTTPS backed by some type of trusted infrastructure? Or is it that you are saying that we can build a brand-new, from-scratch solution and need to fix the existing system somehow?
It's better to allow HTTP to exist.
There is an opportunity for new authentication approaches that can't exist in a TLS-everywhere world.
I'm looking at http://en.wikipedia.org/wiki/Generic_Bootstrapping_Architect... in particular.