On Oct 6, 2015, at 11:23 AM, Roscoe, Alexander <[email protected]> wrote:
I strongly disagree with this sentiment. These days HTTPS should be the default for all new features, and HTTP only used when there is a technical requirement preventing the use of HTTPS. We want to make the net secure, not add more attack surface.
There have already been reported incidents where the attacker joins a public wifi and hijacks DHCP. The user should have some assurance that the captive portal they're entering their credit card info into is the right one.
Description: Message signed with OpenPGP using GPGMail