Securing the user<->home-router interaction is mostly orthogonal from using HTTP or HTTP2. On the charter thing: Where does the charter mandate that we must replace HTTP/1.1 in every use-case? -=R On Sun, Nov 17, 2013 at 2:28 PM, Julian Reschke <julian.reschke@gmx.de>wrote: > On 2013-11-17 23:12, Mike Belshe wrote: > >> >> >> >> On Sun, Nov 17, 2013 at 9:06 AM, Stephen Farrell >> <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>> wrote: >> >> >> >> On 11/17/2013 04:53 PM, Mike Belshe wrote: >> > OK - I see. >> > >> > I think you're mixing current stats (only 30% of sites today have >> certs - >> > seems high?) with incompatibilities - 100% of sites can get certs >> today if >> > they want them. So HTTP/2 requiring certs would not be >> introducing any >> > technical incompatibility (like running on port 100 would). >> >> But 100% of firewalls could open port 100 too. >> >> >> We measured this inside Google - its not 100% - but it was pretty good. >> Maybe WillChan has those numbers. >> >> >> And saying 100% of sites could get certs ignores the reality >> that they do not and nobody so far seems to have a plan to >> increase the 30%. >> >> >> I'm not understanding why they can't get certs? >> >> Do you mean they really can't, or that they just don't want to or >> believe its too painful? >> > > There'll always be edge cases like the home router that requires initial > config to even connect to the internet. > > If we don't have a plan for using HTTP/2.0 to connect to these devices, > then we're not really replacing 1.1. (Reminder: the charter expects us to > do that). > > > ... > > Best regards, Julian > >
Received on Sunday, 17 November 2013 22:50:45 UTC