> Believe it or not "everyone must use https" is a pretty political push, based on favoring certain corporate entities who control all of the points in a network where https traffic gets decrypted, at the expense of other corporate entities who the first group doesn't like.
> It's really not. Ever had your ISP inject shit into your pages?
This. And all the other skulduggery that MITM attacks enable.
I'm kind of surprised that none of the powers-that-be ever pushed for an HTTPS mode that merely signs requests and responses rather than encrypting them, in an effort to undermine encryption advocates.
That's a good point. On the other hand, the transient nature of certs makes the hosting a lot more temporary-feeling/brittle - it may get better with time - I guess we'll see...
It's really not. Ever had your ISP inject shit into your pages? https://www.infoworld.com/article/2925839/code-injection-new...