W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: HTTP 2.0 mandatory security vs. Amateur Radio

From: Roberto Peon <grmocg@gmail.com>
Date: Thu, 14 Nov 2013 01:19:00 -0800
Message-ID: <CAP+FsNe0nUVao-FXw+ZqFZ8JBsw1XfqhuOW9ErTC0yr8sTKDCg@mail.gmail.com>
To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Bruce Perens <bruce@perens.com>
On Nov 13, 2013 11:09 PM, "Nicolas Mailhot" <nicolas.mailhot@laposte.net>
wrote:
>
>
> Le Jeu 14 novembre 2013 09:16, Roberto Peon a écrit :
> > One of the reasons why http/1.1 is what people use on port 80 is because
> > that is all which reliably traverses it.
>
> And it reliably traverses it because there is a wide array of solutions on
> the market that permit its filtering. If you remove this security
> property, port 80 reliable availability will become something of the past
> and it will join the long list of protocols too annoying to control to be
> permitted on network boundaries.
>

No, you have this backwards.
ONLY HTTP1.1 TRAVERSES PORT 80 RELIABLY.
ONLY HTTP/1.1!

NOTHING ELSE.

> Most people do not trust random server hosts on the Internet. Mandatory
> TLS assume they will. Given how diverse the human population is, there is
> no chance in hell for that to happen. (yes this wg can remove possibility
> of fine-grained filtering. You'll see people dropping whole continents at
> the ip level instead, like already happens for mail).
>
> There have still not been any explanation why traffic must be 100%
> encrypted. People do not wear black balaclavas by default in real life
> just in case a CCTV camera or a Google car passes by.

Are you not current with the news about pervasive monitoring?

-=R

>
> --
> Nicolas Mailhot
>
Received on Thursday, 14 November 2013 09:19:31 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC