W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: HTTP 2.0 mandatory security vs. Amateur Radio

From: Roberto Peon <grmocg@gmail.com>
Date: Thu, 14 Nov 2013 12:21:55 -0800
Message-ID: <CAP+FsNdt+GOS+vw0R9Lx0Dp-aruWGhLw_A84GuYMAcUOExd2Zg@mail.gmail.com>
To: James Snell <jasnell@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Julian Reschke <julian.reschke@gmx.de>, Bruce Perens <bruce@perens.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
It is a fact of deployment, however.
We can wish honey dreams all day and night long of a web where deploying
plaintext works (yes, ignoring the pervasive multi-party surveillance), but
it does little to change reality where it does NOT work reliably.

-=R
On Nov 14, 2013 8:49 AM, "James M Snell" <jasnell@gmail.com> wrote:

> On Thu, Nov 14, 2013 at 10:40 AM, Julian Reschke <julian.reschke@gmx.de>
> wrote:
> > On 2013-11-14 18:49, Roberto Peon wrote:
> >>
> >> There is a means of opting out, however, which exists and is widely
> >> deployed: http1
> >
> >
> > And the WG has a mandate to develop a replacement for 1.1, called 2.0.
> If we
> > do not indent to develop that protocol anymore, we should re-charter.
> >
>
> Very emphatic +1. So far the general sentiment of those pushing for
> TLS-only seems to be "If you don't want to be forced to use TLS,
> tough, you don't get to play with us then". That's not going to work.
>
> - James
>
> >
> >> There was near unanimity at the plenary that we should do something
> >> about pervasive monitoring, and while I don't believe that there were
> >> any actuonable , unambiguous dieectuves , the spirit of the room was
> >> quite clear. The IETF intends to attempt to do something about this.
> >
> >
> > Yes. What we disagree on what that means for HTTP: URIs.
> >
> >> ...
> >
> >
> > Best regards, Julian
> >
>
Received on Thursday, 14 November 2013 20:22:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC