W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: HTTP 2.0 mandatory security vs. Amateur Radio

From: James M Snell <jasnell@gmail.com>
Date: Thu, 14 Nov 2013 14:57:00 -0800
Message-ID: <CABP7Rbdaogtppg0sagr_GdxRKZJ7df+CBvsR+cy8pR7NZVfXRw@mail.gmail.com>
To: Adrien de Croy <adrien@qbik.com>
Cc: Roberto Peon <grmocg@gmail.com>, Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>, Bruce Perens <bruce@perens.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
On Thu, Nov 14, 2013 at 1:53 PM, Adrien de Croy <adrien@qbik.com> wrote:
> actually I agree with this.
> That's why I suggested a long time ago we should look at another port number
> for http2.  100 is available.

+1. HTTP/2 is a fundamentally new protocol. Attempting to stuff it
over port 80 or even 443 is a mistake. That's why we have different
ports in the first place, isn't it? Quit violating the basic design
principles of the underlying layers and suddenly the problem gets a
lot easier to solve... it helps simplify the upgrade path also.

- James

> I know there is an enormous amount of pain with this path, but it could
> still be less than the current path.
> ------ Original Message ------
> From: "Roberto Peon" <grmocg@gmail.com>
> To: "Julian Reschke" <julian.reschke@gmx.de>
> Cc: "HTTP Working Group" <ietf-http-wg@w3.org>; "Bruce Perens"
> <bruce@perens.com>; "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
> Sent: 15/11/2013 9:25:22 a.m.
> Subject: Re: HTTP 2.0 mandatory security vs. Amateur Radio
> As I seem to be saying over and over...
> We can wish for plaintext http2 over the internet on port 80 as much as we
> want, but it won't happen since it is not reliable, and the nature of that
> unreliability is not predictable.
> Few websites will be willing to turn on http2 if it means losing 10-20% of
> their user base. And that really is what we are talking about.
> -=R
> On Nov 14, 2013 8:40 AM, "Julian Reschke" <julian.reschke@gmx.de> wrote:
>> On 2013-11-14 18:49, Roberto Peon wrote:
>>> There is a means of opting out, however, which exists and is widely
>>> deployed: http1
>> And the WG has a mandate to develop a replacement for 1.1, called 2.0. If
>> we do not indent to develop that protocol anymore, we should re-charter.
>>> There was near unanimity at the plenary that we should do something
>>> about pervasive monitoring, and while I don't believe that there were
>>> any actuonable , unambiguous dieectuves , the spirit of the room was
>>> quite clear. The IETF intends to attempt to do something about this.
>> Yes. What we disagree on what that means for HTTP: URIs.
>>> ...
>> Best regards, Julian
Received on Thursday, 14 November 2013 22:57:47 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC