>So you're OK with throwing away a perfectly fine and proven internet protocol which has survived for several decades, on a vague notion you have that "it's probably not that cache-friendly anyway".
HTTPS is not throwing away HTTP. It just protects it with TLS.
>Increased attack-vector size. But indeed: so what?
I think you meant 'decreased'. By not being able to modify the payloads or steal cookies, attackers are only left with the TLS protocol to try to mess with, which is a much smaller attack vector than being able to tweak HTTP headers and so-on.
It could have been a sideways glance at flaws in SSL/TLS that have rendered servers, data, or both compromised. Basically, a straw-man claim that plain text is actually more secure, since a flaw in the crypto stack could exist.
HTTPS is not throwing away HTTP. It just protects it with TLS.
>Increased attack-vector size. But indeed: so what?
I think you meant 'decreased'. By not being able to modify the payloads or steal cookies, attackers are only left with the TLS protocol to try to mess with, which is a much smaller attack vector than being able to tweak HTTP headers and so-on.