W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: RFC1918 + localhost

From: Adrien de Croy <adrien@qbik.com>
Date: Tue, 19 Nov 2013 20:43:17 +0000
To: "Roberto Peon" <grmocg@gmail.com>
Cc: "Poul-Henning Kamp" <phk@phk.freebsd.dk>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-Id: <emccc13438-355c-4f9e-b65e-1a1068325fea@bodybag>

seems to me the question at the moment is who gets the choice.

site operators currently get to choose whether they wish their site to 
use TLS or not.  I'd like that to remain. I run a bunch of sites, and I 
don't want to have to go get a bunch of certs, maintain them etc.  It's 
a pain.  I'm not serving anything that needs to be encrypted.  Where I 
do, it is.

web browser users will always have the choice of whether they click on a 
link or button or not.

opting into or out of crypto is only an option if the crypto is 
available.  It's one thing to allow opt-out but mandate availability.  
It's another to make the availability optional.

Mandating availability of crypto is not going to fly IMO, because that 
still incurs the burdens associated with enabling it.

Many people are not capable of making good choices. You wouldn't give 
your 2yr old responsibility for what they should have for dinner every 
night.


------ Original Message ------
From: "Roberto Peon" <grmocg@gmail.com>
To: "Adrien de Croy" <adrien@qbik.com>
Cc: "Poul-Henning Kamp" <phk@phk.freebsd.dk>; "ietf-http-wg@w3.org 
Group" <ietf-http-wg@w3.org>
Sent: 20/11/2013 9:28:31 a.m.
Subject: Re: RFC1918 + localhost
>But in many ways we don't have choice today.
>If you are advocating for choice where both the client and any entity 
>the client connects to explicitly (potentially a proxy) can opt-in or 
>opt-out of encryption, then I'm with you.
>If you are advocating for choice where the user and connected-entity 
>get no say in the matter, then I'm firmly in the not-interested camp.
>
>-=R
>
>
>On Tue, Nov 19, 2013 at 12:24 PM, Adrien de Croy <adrien@qbik.com> 
>wrote:
>>
>>
>>------ Original Message ------
>>From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
>>To: "Adrien de Croy" <adrien@qbik.com>
>>Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
>>Sent: 20/11/2013 9:20:59 a.m.
>>Subject: Re: RFC1918 + localhost
>>>In message <em8b9ccf82-905d-4929-8c41-41362b024e61@bodybag>, "Adrien 
>>>de Croy" w
>>>rites:
>>>
>>>>we need to forget about using this as a demarcation for allowability 
>>>>of
>>>>plaintext or not.
>>>
>>>I'd say we need to stop this charade about us being in a position
>>>to tell people where and when they can use plaintext...
>>>
>>>Are you really trying to reintroduce TLS with "NULL" crypto again ?
>>
>>Me?  no, nor did I ever.  That would be a waste of RTTs.
>>
>>I'm advocating choice.  Like we currently have.
>>
>>
>>>
>>>--
>>>Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
>>>phk@FreeBSD.ORG | TCP/IP since RFC 956
>>>FreeBSD committer | BSD since 4.3-tahoe
>>>Never attribute to malice what can adequately be explained by 
>>>incompetence.
>>
>>
>
Received on Tuesday, 19 November 2013 20:43:04 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC