W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: HTTP 2.0 mandatory security vs. Amateur Radio

From: SM <sm@resistor.net>
Date: Fri, 15 Nov 2013 11:11:23 -0800
Message-Id: <6.2.5.6.2.20131115101744.0bc07a88@resistor.net>
To: Bruce Perens <bruce@perens.com>, ietf-http-wg@w3.org
At 23:30 14-11-2013, Bruce Perens wrote:
>I definitely don't want to go back to Ma Bell running everything. 
>But it seems to me that just saying that an encrypted tunnel to one 
>port must be the solution for everything is a complete abdication of 
>leadership. Instead of being the protocol designers of the internet, 
>we become the rats in the walls who sneak all of our new inventions 
>through a little encrypted hole in what we made.
>
>We broke the internet. It was because of our tremendous success. It 
>grew so big that its size and inertia froze it and made further 
>protocol development impossible.

Ok.

>Getting out of this problem starts with admitting it, publicly, to 
>everyone. It then will be necessary to chart the requirements that 
>will prevent this from happening again, and then to promote and 
>certify the implementations of those recommendations.

History repeats itself.

The decision (if a decision is necessary) about whether HTTP 2.0 
needs mandatory security does not have to be cast in stone.  The 
constraints of today, e.g. amateur radio, might change by the time 
this working group delivers the specification.  There are 
alternatives to satisfy the constraints.  Some of the alternatives 
come up their own sets of problems (e.g. MITM).

Regards,
-sm 
Received on Friday, 15 November 2013 19:39:00 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC