W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: HTTP 2.0 mandatory security vs. Amateur Radio

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Thu, 14 Nov 2013 10:09:50 +0100
Message-ID: <c7e82e312c014ff0552fe3ce0a0e1d49.squirrel@arekh.dyndns.org>
To: "Roberto Peon" <grmocg@gmail.com>
Cc: "Bruce Perens" <bruce@perens.com>, "Mark Nottingham" <mnot@mnot.net>, "HTTP Working Group" <ietf-http-wg@w3.org>

Le Jeu 14 novembre 2013 09:16, Roberto Peon a écrit :
> One of the reasons why http/1.1 is what people use on port 80 is because
> that is all which reliably traverses it.

And it reliably traverses it because there is a wide array of solutions on
the market that permit its filtering. If you remove this security
property, port 80 reliable availability will become something of the past
and it will join the long list of protocols too annoying to control to be
permitted on network boundaries.

Most people do not trust random server hosts on the Internet. Mandatory
TLS assume they will. Given how diverse the human population is, there is
no chance in hell for that to happen. (yes this wg can remove possibility
of fine-grained filtering. You'll see people dropping whole continents at
the ip level instead, like already happens for mail).

There have still not been any explanation why traffic must be 100%
encrypted. People do not wear black balaclavas by default in real life
just in case a CCTV camera or a Google car passes by.

-- 
Nicolas Mailhot
Received on Thursday, 14 November 2013 09:10:20 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC