W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re[2]: HTTP2 Expression of Interest

From: Adrien de Croy <adrien@qbik.com>
Date: Wed, 18 Jul 2012 08:51:26 +0000
To: "Henrik Frystyk Nielsen" <henrikn@microsoft.com>, "Julian Reschke" <julian.reschke@gmx.de>, "Mike Belshe" <mike@belshe.com>
Cc: "Willy Tarreau" <w@1wt.eu>, "Phillip Hallam-Baker" <hallam@gmail.com>, "Rajeev Bector" <rbector@yahoo-inc.com>, "Martin Thomson" <martin.thomson@gmail.com>, Martin J. Dürst <duerst@it.aoyama.ac.jp>, "Doug Beaver" <doug@fb.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <em05bcc17d-e551-42f3-9958-d4b6497206de@reboist>

I think also it's not always clear who the user is.  It's certainly 
naive to think they all want / need / deserve the same thing.

We get paid by customers.

We don't in general get paid by users.

Users are in our case typically employees or students.  They don't get 
to make the rules about what they can do in company time.  Nor should 
they.

Adrien


------ Original Message ------
From: "Henrik Frystyk Nielsen" <henrikn@microsoft.com>
To: "Julian Reschke" <julian.reschke@gmx.de>;"Mike Belshe" 
<mike@belshe.com>
Cc: "Willy Tarreau" <w@1wt.eu>;"Phillip Hallam-Baker" 
<hallam@gmail.com>;"Adrien W. de Croy" <adrien@qbik.com>;"Rajeev 
Bector" <rbector@yahoo-inc.com>;"Martin Thomson" 
<martin.thomson@gmail.com>;"Martin J. Dürst" 
<duerst@it.aoyama.ac.jp>;"Doug Beaver" 
<doug@fb.com>;"ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Sent: 18/07/2012 8:26:14 p.m.
Subject: RE: HTTP2 Expression of Interest
>Mike,
>
>I think the reason why your argument fails to convince is that it is made at the wrong layer. It is essentially not an HTTP issue but a content provider issue whether content is exposed over TLS or not. Every content provider today has the option of using TLS or not -- some has chosen to use it and others not. It would be much more beneficial if you could convince content providers that is it a good idea for them to use TLS.
>
>I think you would feel the same if I argued that TCP should be abandoned in favor or TLS throughout the Internet. Clearly that would feel like overreach from a policy point of view that doesn't reflect what TCP is actually used for.
>
>I doubt you will find anybody who will "vote against the user" but it also somewhat naïve to say that the user is "safe" if we use TLS. There are so many other aspects (privacy, tracking, etc.) that directly involve content providers directly so rather than focusing on one particular aspect (TLS) I would argue that the right discussion to have is with content providers about what it means to expose data in a safe manner. Not whether TLS should be mandatory in HTTP or not.
>
>Henrik
>
>-----Original Message-----
>From: Julian Reschke [mailto:julian.reschke@gmx.de]
>Sent: Wednesday, July 18, 2012 1:04 AM
>To: Mike Belshe
>Cc: Willy Tarreau; Phillip Hallam-Baker; Adrien W. de Croy; Rajeev Bector; Martin Thomson; "Martin J. Dürst"; Doug Beaver; ietf-http-wg@w3.org
>Subject: Re: HTTP2 Expression of Interest
>
>On 2012-07-18 09:50, Mike Belshe wrote:
>
>>
>>...
>>It does not go without notice from me that the battle lines are drawn
>>around which type of developer you are.  Browser developers and social
>>content providers are all in the protect-the-users camp (encrypt
>>everything).  Proxy vendors, which have an uncertain role in an
>>encrypted future, are unilaterally against it.  This is a power
>>struggle of products.  Are the endpoints in charge?  Or is the 3rd
>>party middleman in charge?
>>
>>Again, I vote for the user.
>>...
>>
>
>
>The user wants security. But the user also wants speed, or the ability to access a site from an environment that insists on opening the connection.
>
>Best regards, Julian
>
>
>
>
>
>
>
>
>
Received on Wednesday, 18 July 2012 08:51:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 18 July 2012 08:51:57 GMT