
RE: HTTP 2.0 mandatory security vs. Amateur Radio

From: Markus Lanthaler <markus.lanthaler@gmx.net>
Date: Fri, 15 Nov 2013 11:47:00 +0100
To: "'HTTP Working Group'" <ietf-http-wg@w3.org>
Message-ID: <00b801cee1f0$03ddc7f0$0b9957d0$@lanthaler@gmx.net>
> On Nov 14, 2013 8:40 AM, "Julian Reschke" <julian.reschke@gmx.de> wrote:
> > On 2013-11-14 18:49, Roberto Peon wrote:
> > There is a means of opting out, however, which exists and is widely
> > deployed: http1
>
> And the WG has a mandate to develop a replacement for 1.1, called 2.0. If
> we do not intend to develop that protocol anymore, we should re-charter.
>
> > There was near unanimity at the plenary that we should do something
> > about pervasive monitoring, and while I don't believe that there were
> > any actionable, unambiguous directives, the spirit of the room was
> > quite clear. The IETF intends to attempt to do something about this.
>
> Yes. What we disagree on is what that means for HTTP: URIs.

I would like to know the answer for that as well. By using https instead of http you don't just change the bits on the wire but also a lot of other stuff (at least) in browsers. For example referrers are not sent anymore, information in form fields isn't stored anymore for autocompletion etc. etc. I think it would be very beneficial to still keep this distinction of sensitivity/confidentiality. Whether traffic to http URIs is then (optimistically) encrypted or not, doesn't really matter to the average end user.


--
Markus Lanthaler
@markuslanthaler
Received on Friday, 15 November 2013 10:47:36 UTC
