- From: Henry Story <henry.story@bblfish.net>
- Date: Wed, 28 Mar 2012 12:16:38 +0200
- To: J Ross Nicoll <jrn@jrn.me.uk>
- Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, ietf-http-wg@w3.org
On 28 Mar 2012, at 10:48, J Ross Nicoll wrote: > I'd like to add low-power use cases (e.g. sensor networks) to that, as well, where the overhead of TLS is a non-trivial issue both in CPU time and battery power. yes, that's why I was arguing for allowing TLS to be opt out. > > I maintain that if we try forcing TLS in HTTP 2.0, many people will complain, and then fork their own versions of HTTP 2.0 without TLS. Best case scenario is a single sensible standard that models HTTP without TLS, more likely we'll end up with 2-3 subtly incompatible versions and a huge stack of workarounds to hold the mess together. > > Ross > > On 28/03/2012 08:21, Poul-Henning Kamp wrote: >> Everything, that is, except performance and choice. There is no way to get around that mandatory TLS is overkill in many high-volume applications, most notably p0rn. If you want to kill HTTP/1.1, you have to make HTTP/2.0 a good idea for the 50% of web traffic consisting of pink bits. Second, there are places where TLS is simply not a good idea, either because other security measures are in place, or because transparency is specifically called for (Think: Flight Recorder). > > Social Web Architect http://bblfish.net/
Received on Wednesday, 28 March 2012 10:17:20 UTC