W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: SPDY = HTTP/2.0 or not ?

From: patrick mcmanus <pmcmanus@mozilla.com>
Date: Mon, 26 Mar 2012 10:55:38 +0200
Message-ID: <4F702F0A.3070209@mozilla.com>
To: ietf-http-wg@w3.org
Hi Roy,

On 3/26/2012 10:10 AM, Roy T. Fielding wrote:
> On Mar 26, 2012, at 9:44 AM, patrick mcmanus wrote:
>
>
> I've never considered SSL to be a means of securing the protocol.
I'm fine with another answer to security if there is a better one 
available. My expectation is that SSL will evolve to solve some of its 
shortcomings and that is a reasonable train to be linked on to.

>
> In any case, the notion that every user wants a secure protocol is
> irrelevant.

I disagree. To me its fundamental and the checkered history of HTTP/1 in 
this space should inform the next revision.

>    There are many examples of HTTP use, in practice, for
> which SSL/TLS is neither desired nor appropriate.  Even simple things,
> like the exchange that Apple devices use to discover network access point
> logins, cannot work with an assumption of SSL/TLS.

Can you explain the Apple use case in detail? That sounds interesting, 
although I don't have the presumption that this has to be the only 
protocol to satisfy every use case.
Received on Monday, 26 March 2012 08:56:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:57 GMT