W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: A proposal

From: James M Snell <jasnell@gmail.com>
Date: Tue, 19 Nov 2013 08:38:00 -0800
Message-ID: <CABP7RbfmmnqWbs_eNb7PTo_aiOPwqgut07aQp35RJEK4=sq4Vw@mail.gmail.com>
To: Michael Sweet <msweet@apple.com>
Cc: Mike Belshe <mike@belshe.com>, "Roy T. Fielding" <fielding@gbiv.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, HTTP Working Group <ietf-http-wg@w3.org>
On Tue, Nov 19, 2013 at 6:38 AM, Michael Sweet <msweet@apple.com> wrote:
[snip]
>
> I know you are trying to be dramatic here, but I don't think "think of the
> children" arguments have any place here.
>

+1 ... honestly, this whole conversation seems to be getting lost in
the weeds, really. Personally, I don't really care whose definition of
"privacy" is more accurate. It would be fantastic if we could get back
to discussing actual technical details. TLS gives us reasonably good
confidentiality of the data in motion over a TCP/IP connection. No, it
doesn't provide privacy, but it addresses at least part of the overall
problem and it's quite useful to adopt as the default option in
probably 95% of our primary use cases. So Mark's proposal suggesting
that we limit plaintext http/2 on port 80 to .local and rfc1918
addresses appears completely reasonable so long as we take the
additional step of defining a new default port for plaintext http/2
everywhere else. If we can get agreement on that one technical point
(as opposed to endless debating about what "privacy" really means)
then we've made progress and can move on to the other important
questions.

- James
Received on Tuesday, 19 November 2013 16:38:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC