Re: HTTP 2.0 mandatory security vs. Amateur Radio

As far as I can tell, none of us who are saying no to mandatory TLS
aren't wishing "for plaintext http2 over the internet on port 80". By
all means, make HTTP2 over TLS the default setup. What we are saying
is that making HTTP2 over TLS *mandatory* is not the right thing to
do.

On Thu, Nov 14, 2013 at 12:25 PM, Roberto Peon <grmocg@gmail.com> wrote:
> As I seem to be saying over and over...
>
> We can wish for plaintext http2 over the internet on port 80 as much as we
> want, but it won't happen since it is not reliable, and the nature of that
> unreliability is not predictable.
>
> Few websites will be willing to turn on http2 if it means losing 10-20% of
> their user base. And that really is what we are talking about.
>
> -=R
>
> On Nov 14, 2013 8:40 AM, "Julian Reschke" <julian.reschke@gmx.de> wrote:
>>
>> On 2013-11-14 18:49, Roberto Peon wrote:
>>>
>>> There is a means of opting out, however, which exists and is widely
>>> deployed: http1
>>
>>
>> And the WG has a mandate to develop a replacement for 1.1, called 2.0. If
>> we do not indent to develop that protocol anymore, we should re-charter.
>>
>>> There was near unanimity at the plenary that we should do something
>>> about pervasive monitoring, and while I don't believe that there were
>>> any actuonable , unambiguous dieectuves , the spirit of the room was
>>> quite clear. The IETF intends to attempt to do something about this.
>>
>>
>> Yes. What we disagree on what that means for HTTP: URIs.
>>
>>> ...
>>
>>
>> Best regards, Julian

Received on Thursday, 14 November 2013 20:35:58 UTC