W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re[2]: HTTP2 Expression of Interest

From: Adrien W. de Croy <adrien@qbik.com>
Date: Wed, 18 Jul 2012 02:03:44 +0000
To: "James M Snell" <jasnell@gmail.com>, "Tim Bray" <tbray@textuality.com>
Cc: "Doug Beaver" <doug@fb.com>, "Willy Tarreau" <w@1wt.eu>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <emd8c534c1-5834-4b4d-b06a-afecd1e19418@bombed>

If the only down-side to mandating crypto was that some links that 
didn't really need it had to implement it, I wouldn't be so strongly 
against it.

But there are scenarios where crypto for HTTP is either impossible, 
illegal, or highly undesirable.

Mandating it is simply incompatible with reality.



------ Original Message ------
From: "James M Snell" <jasnell@gmail.com>
To: "Tim Bray" <tbray@textuality.com>
Cc: "Doug Beaver" <doug@fb.com>;"Willy Tarreau" 
<w@1wt.eu>;"ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Sent: 18/07/2012 10:53:38 a.m.
Subject: Re: HTTP2 Expression of Interest
>Mandatory end-to-end encryption does not make sense. There are 
>countless scenarios where TLS just isn't necessary. Yes, we can do a 
>better job but forcing it to be used in scenarios where there is no 
>PII at risk is just pointless. 
>- James
>
>On Tue, Jul 17, 2012 at 3:31 PM, Tim Bray <tbray@textuality.com> wrote:
> Pulling a really important paragraph out of Doug’s (long) posting, in
> the hope that more people will thus read it.
> 
> On Tue, Jul 17, 2012 at 3:11 PM, Doug Beaver <doug@fb.com> wrote:
> 
> > I think all those positions can be valid. I just happen to think 
> that even
> > given all the above, it is still better to mandate encryption and 
> give better
> > privacy to Internet users than it is to punt the ball down the 
> field another
> > twenty years.
> 
> What he said. -T
> 
 
Received on Wednesday, 18 July 2012 02:04:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 18 July 2012 02:04:16 GMT