Re: HTTP 2.0 mandatory security vs. Amateur Radio

On Thu, Nov 14, 2013 at 4:16 PM, David Morris <dwm@xpasc.com> wrote:

>
>
> On Thu, 14 Nov 2013, Bruce Perens wrote:
>
> > On 11/14/2013 12:21 PM, Roberto Peon wrote:
> >
> >
> >       We can wish honey dreams all day and night long of a web where
> deploying plaintext works
> >
> > Gosh, how badly that dumb Tim B-L failed because he didn't encrypt from
> the very start. The web might have
> > been a success if he'd just listened to you. :-)
> >
> > Plaintext works if you aren't attempting to subvert the entire protocol
> by tunneling through it.
>
> Yeah, I've been doing web work for 18+ years and this is the first claim
> I've seen that plain text makes the web unreliable.


​Plain-text HTTP/1 is reliable (as Roberto said).  However plain-text of
any other protocol on port 80 (WebSockets, HTTP/2.x etc) is *not* reliable
because of middle boxes that attempt to process that traffic as HTTP/1.


> What I know for sure
> is that adding certficate management has filled my experience with
> headaches from a server administrator's perspective.
>
> There are products that subvert ssl/tls because the controlling interested
> parties won't allow their networks to be subjected to unispectable
> traffic.
>
> I'm tired of hearing about pervasive snooping by governments where our
> commercial providers are busy scanning email traffic after it is
> in their environment. Encryption isn't going to make my web experience
> more reliable, my empirical evidences is that we'll just have one more
> thing to cause end user confusion and frustration.
>
> Dave Morris
>
>

Received on Friday, 15 November 2013 00:29:25 UTC