W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

RE: HTTP2 Expression of Interest

From: Henrik Frystyk Nielsen <henrikn@microsoft.com>
Date: Wed, 18 Jul 2012 08:26:14 +0000
To: Julian Reschke <julian.reschke@gmx.de>, Mike Belshe <mike@belshe.com>
CC: Willy Tarreau <w@1wt.eu>, Phillip Hallam-Baker <hallam@gmail.com>, "Adrien W. de Croy" <adrien@qbik.com>, Rajeev Bector <rbector@yahoo-inc.com>, Martin Thomson <martin.thomson@gmail.com>, "Martin J. Dürst" <duerst@it.aoyama.ac.jp>, Doug Beaver <doug@fb.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <3605BA99C081B54EA9B65B3E33316AF73F6E4F72@CH1PRD0310MB392.namprd03.prod.outlook.com>
Mike,

I think the reason why your argument fails to convince is that it is made at the wrong layer. It is essentially not an HTTP issue but a content provider issue whether content is exposed over TLS or not. Every content provider today has the option of using TLS or not -- some has chosen to use it and others not. It would be much more beneficial if you could convince content providers that is it a good idea for them to use TLS.

I think you would feel the same if I argued that TCP should be abandoned in favor or TLS throughout the Internet. Clearly that would feel like overreach from a policy point of view that doesn't reflect what TCP is actually used for. 

I doubt you will find anybody who will "vote against the user" but it also somewhat naïve to say that the user is "safe" if we use TLS. There are so many other aspects (privacy, tracking, etc.) that directly involve content providers directly so rather than focusing on one particular aspect (TLS) I would argue that the right discussion to have is with content providers about what it means to expose data in a safe manner. Not whether TLS should be mandatory in HTTP or not.

Henrik

-----Original Message-----
From: Julian Reschke [mailto:julian.reschke@gmx.de] 
Sent: Wednesday, July 18, 2012 1:04 AM
To: Mike Belshe
Cc: Willy Tarreau; Phillip Hallam-Baker; Adrien W. de Croy; Rajeev Bector; Martin Thomson; "Martin J. Dürst"; Doug Beaver; ietf-http-wg@w3.org
Subject: Re: HTTP2 Expression of Interest

On 2012-07-18 09:50, Mike Belshe wrote:
> ...
> It does not go without notice from me that the battle lines are drawn 
> around which type of developer you are.  Browser developers and social 
> content providers are all in the protect-the-users camp (encrypt 
> everything).  Proxy vendors, which have an uncertain role in an 
> encrypted future, are unilaterally against it.  This is a power 
> struggle of products.  Are the endpoints in charge?  Or is the 3rd 
> party middleman in charge?
>
> Again, I vote for the user.
> ...

The user wants security. But the user also wants speed, or the ability to access a site from an environment that insists on opening the connection.

Best regards, Julian
Received on Wednesday, 18 July 2012 08:26:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 18 July 2012 08:27:05 GMT