W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

HTTP/2.0 goal: polcy enforcement

From: Adrien W. de Croy <adrien@qbik.com>
Date: Sun, 25 Mar 2012 20:24:01 +0000
To: "HTTP Working Group" <ietf-http-wg@w3.org>
Message-Id: <em149b14d6-6d88-4f21-b25d-8f878bf19a3a@boist>
Hi all
  
I think there's a goal that hasn't been stated for HTTP/2.0.  The 
ability to control and enforce acceptable use policy, as practised by 
countless enterprises.
  
Currently, HTTP is open enough that such control can be implemented.  
HTTPS poses several problems wrt this aim.
  
This requirement is real, and is not going to go away.
  
Adopting an SSL/TLS only option for any replacement protocol makes life 
difficult for 
  
a) proxy vendors (have to code MITM software)
b) their customers (have to deploy certificates to make MITM work)
  
For this reason alone I don't see SPDY in its current form as a viable 
successor to HTTP.
  
Since I believe the main reason to adopt TLS for SPDY was to enable 
"out of band" negotiation of which protocol was going to be used, then 
we would require another method for this.
  
Proxies are an important part of HTTP infrastructure, and wanted by 
customers.  Developing a successor to HTTP/1.1 without enabling 
reliable / simple proxy function would be a huge mistake IMO.
  
Willy / Amos, I'm keen to see what you guys come up with.  
  
Adrien
  
  
Received on Sunday, 25 March 2012 20:24:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:57 GMT