W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: A proposal

From: Zhong Yu <zhong.j.yu@gmail.com>
Date: Tue, 19 Nov 2013 16:21:23 -0600
Message-ID: <CACuKZqE2nrKCe9mT7ALF67w=HdXkxgenWPucomS16t2UVdu-Ag@mail.gmail.com>
To: Adrien de Croy <adrien@qbik.com>
Cc: Nicolas Mailhot <nicolas.mailhot@laposte.net>, Mike Belshe <mike@belshe.com>, "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
Fortunately, a server with plaintext http/2 can always advise users to
use Internet Explorer for better experience. Thank Microsoft.

Zhong Yu

On Tue, Nov 19, 2013 at 4:04 PM, Adrien de Croy <adrien@qbik.com> wrote:
>
> it is interesting the biggest pushers of mandatory TLS are those who stand
> to suffer the least from it.  Browser makers.
>
> Are any server makers or (reverse-) proxy makers here proponents of
> mandatory TLS?  I can't imagine a server author taking the step of requiring
> all their customers to suddenly buy certs.  At least not be the first to do
> so.  They are the ones who will have to deal with the backlash and
> incredible inertia of getting their customers to change.
>
> Without servers supporting mandatory TLS, it's kinda pointless for browser
> makers to assert they won't implement plaintext http/2.0.  Since the cert
> must be installed on the server (not the client/browser), I think it would
> be better to let the server authors take the lead on this surely?
>
>
> Adrien
>
>
> ------ Original Message ------
> From: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>
> To: "Mike Belshe" <mike@belshe.com>
> Cc: "Roy T. Fielding" <fielding@gbiv.com>; "HTTP Working Group"
> <ietf-http-wg@w3.org>
> Sent: 20/11/2013 8:07:15 a.m.
> Subject: Re: A proposal
>>
>>
>> Le Mar 19 novembre 2013 10:45, Mike Belshe a écrit :
>>
>>>  Alright, well thats all fine, but I really don't know why you're going
>>> off
>>>  on this rant. Can you cite for me the specific quote from anyone on
>>>  this
>>>  list who declared or implied that TLS was a comprehensive solution for
>>>  'security' or 'privacy'? I don't think anyone did, so this rant is
>>> really
>>>  unnecessary.
>>
>>
>> That's playing with words, Chrome and Mozilla representatives have been
>> quite clear they wanted to force a TLS-only web for 'security' and
>> 'privacy'. Even though there is a ton of things those browsers could do
>> *now* to improve privacy without fostering pki on everyone else.
>>
>> Really, it's getting quite annoying to see all this forceful selling of
>> TLS in the name of privacy and security while systematically stonewalling
>> any attempt to consider the parts of the protocol that are used to data
>> mine users now (let's use the business term not emotional appeals).
>>
>> --
>> Nicolas Mailhot
>>
>>
>
>
Received on Tuesday, 19 November 2013 22:21:51 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC