W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: A proposal

From: Patrick McManus <pmcmanus@mozilla.com>
Date: Sun, 17 Nov 2013 14:34:43 -0500
Message-ID: <CAOdDvNpLXKV5K4me83YeApOG0CxmFiP3xKktciY2OWtf1DAkOg@mail.gmail.com>
To: James M Snell <jasnell@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Sun, Nov 17, 2013 at 1:08 PM, James M Snell <jasnell@gmail.com> wrote:

> The volume on the other threads on the security subject is causing far too
> much noise. I have a proposal that offers a compromise approach. I posted
> about this partially in one of the threads but I'm afraid it got lost in
> the noise. Others have touched on the same basic idea:
>
> 1. By default, assign plain text http/2 to a new port.
> 2. Document that plaintext http/2 can be sent over port 80 but document
> the various possible issues with reliability.
> 3. Strongly recommend that http/2 be sent over TLS instead of plaintext.
> 4. Establish a new http2 URL protocol prefix for plaintext http2 over the
> new default port
>
> I will not deploy another cleartext protocol. Especially another one where
the choice of encryption is solely made by the server. It doesn't serve my
user base, or imo the web.

-P



>
Received on Sunday, 17 November 2013 19:35:15 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC