Re[2]: HTTP 2.0 and a Faster, more Mobile-friendly web

------ Original Message ------
From: "patrick mcmanus" <pmcmanus@mozilla.com>
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Sent: 31/07/2012 3:09:57 a.m.
Subject: Re: HTTP 2.0 and a Faster, more Mobile-friendly web
>On 7/30/2012 12:02 AM, Poul-Henning Kamp wrote: 
>>
>>It is not clear to me exactly what these major implementers mean when 
>>they say "TLS is mandatory" 
>>
>>Do they mean "TLS MUST be supported" or "TLS MUST be used" ? 
>
>I mean that HTTP/2 must be secure against (at least) passive 
>eavesdropping attacks at all times. TLS is the bird-in-hand for that 
>right now, but it does not exclude other solutions. Other properties 
>of TLS are desirable too, but they don't necessarily rise to the level 
>of mandatory to implement for me. 
>


by "must be secure", I take it you mean "TLS must be used".  Correct?

Otherwise you'd have said "must be securable" or similar?

Adrien


>
>

Received on Monday, 30 July 2012 22:31:26 UTC