W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: HTTP 2.0 mandatory security vs. Amateur Radio

From: David Morris <dwm@xpasc.com>
Date: Thu, 14 Nov 2013 16:16:55 -0800 (PST)
To: Bruce Perens <bruce@perens.com>
cc: Roberto Peon <grmocg@gmail.com>, James Snell <jasnell@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>, Julian Reschke <julian.reschke@gmx.de>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <alpine.LRH.2.01.1311141608450.24704@egate.xpasc.com>


On Thu, 14 Nov 2013, Bruce Perens wrote:

> On 11/14/2013 12:21 PM, Roberto Peon wrote:
> 
> 
>       We can wish honey dreams all day and night long of a web where deploying plaintext works
> 
> Gosh, how badly that dumb Tim B-L failed because he didn't encrypt from the very start. The web might have
> been a success if he'd just listened to you. :-)
> 
> Plaintext works if you aren't attempting to subvert the entire protocol by tunneling through it.

Yeah, I've been doing web work for 18+ years and this is the first claim 
I've seen that plain text makes the web unreliable. What I know for sure
is that adding certficate management has filled my experience with
headaches from a server administrator's perspective.

There are products that subvert ssl/tls because the controlling interested
parties won't allow their networks to be subjected to unispectable
traffic.

I'm tired of hearing about pervasive snooping by governments where our
commercial providers are busy scanning email traffic after it is
in their environment. Encryption isn't going to make my web experience
more reliable, my empirical evidences is that we'll just have one more
thing to cause end user confusion and frustration.

Dave Morris
Received on Friday, 15 November 2013 00:17:32 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC