W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re[2]: HTTP 2.0 and a Faster, more Mobile-friendly web

From: Adrien W. de Croy <adrien@qbik.com>
Date: Mon, 30 Jul 2012 22:31:00 +0000
To: "patrick mcmanus" <pmcmanus@mozilla.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <em023deac7-d35d-45a5-bb7b-4474b0f8759c@bombed>

------ Original Message ------
From: "patrick mcmanus" <pmcmanus@mozilla.com>
To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Sent: 31/07/2012 3:09:57 a.m.
Subject: Re: HTTP 2.0 and a Faster, more Mobile-friendly web
>On 7/30/2012 12:02 AM, Poul-Henning Kamp wrote: 
>>
>>It is not clear to me exactly what these major implementers mean when 
>>they say "TLS is mandatory" 
>>
>>Do they mean "TLS MUST be supported" or "TLS MUST be used" ? 
>
>I mean that HTTP/2 must be secure against (at least) passive 
>eavesdropping attacks at all times. TLS is the bird-in-hand for that 
>right now, but it does not exclude other solutions. Other properties 
>of TLS are desirable too, but they don't necessarily rise to the level 
>of mandatory to implement for me. 
>


by "must be secure", I take it you mean "TLS must be used".  Correct?

Otherwise you'd have said "must be securable" or similar?

Adrien


>
>
Received on Monday, 30 July 2012 22:31:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 30 July 2012 22:31:42 GMT