W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: A proposal

From: Adrien de Croy <adrien@qbik.com>
Date: Tue, 19 Nov 2013 22:32:14 +0000
To: "Zhong Yu" <zhong.j.yu@gmail.com>
Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "Mike Belshe" <mike@belshe.com>, "Roy T. Fielding" <fielding@gbiv.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-Id: <em2e0e431f-78f3-4127-8994-938562a8e560@bodybag>

it would be interesting to get (if they have one) an official MS view on 
this.

Given that they also make web servers, it would be even more 
interesting.

It's interesting to play out the scenario from a server vendor 
perspective.



------ Original Message ------
From: "Zhong Yu" <zhong.j.yu@gmail.com>
To: "Adrien de Croy" <adrien@qbik.com>
Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>; "Mike Belshe" 
<mike@belshe.com>; "Roy T. Fielding" <fielding@gbiv.com>; "HTTP Working 
Group" <ietf-http-wg@w3.org>
Sent: 20/11/2013 11:21:23 a.m.
Subject: Re: A proposal
>Fortunately, a server with plaintext http/2 can always advise users to
>use Internet Explorer for better experience. Thank Microsoft.
>
>Zhong Yu
>
>On Tue, Nov 19, 2013 at 4:04 PM, Adrien de Croy <adrien@qbik.com> 
>wrote:
>>
>>  it is interesting the biggest pushers of mandatory TLS are those who 
>>stand
>>  to suffer the least from it. Browser makers.
>>
>>  Are any server makers or (reverse-) proxy makers here proponents of
>>  mandatory TLS? I can't imagine a server author taking the step of 
>>requiring
>>  all their customers to suddenly buy certs. At least not be the first 
>>to do
>>  so. They are the ones who will have to deal with the backlash and
>>  incredible inertia of getting their customers to change.
>>
>>  Without servers supporting mandatory TLS, it's kinda pointless for 
>>browser
>>  makers to assert they won't implement plaintext http/2.0. Since the 
>>cert
>>  must be installed on the server (not the client/browser), I think it 
>>would
>>  be better to let the server authors take the lead on this surely?
>>
>>
>>  Adrien
>>
>>
>>  ------ Original Message ------
>>  From: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>
>>  To: "Mike Belshe" <mike@belshe.com>
>>  Cc: "Roy T. Fielding" <fielding@gbiv.com>; "HTTP Working Group"
>>  <ietf-http-wg@w3.org>
>>  Sent: 20/11/2013 8:07:15 a.m.
>>  Subject: Re: A proposal
>>>
>>>
>>>  Le Mar 19 novembre 2013 10:45, Mike Belshe a écrit :
>>>
>>>>   Alright, well thats all fine, but I really don't know why you're 
>>>>going
>>>>  off
>>>>   on this rant. Can you cite for me the specific quote from anyone 
>>>>on
>>>>   this
>>>>   list who declared or implied that TLS was a comprehensive solution 
>>>>for
>>>>   'security' or 'privacy'? I don't think anyone did, so this rant is
>>>>  really
>>>>   unnecessary.
>>>
>>>
>>>  That's playing with words, Chrome and Mozilla representatives have 
>>>been
>>>  quite clear they wanted to force a TLS-only web for 'security' and
>>>  'privacy'. Even though there is a ton of things those browsers could 
>>>do
>>>  *now* to improve privacy without fostering pki on everyone else.
>>>
>>>  Really, it's getting quite annoying to see all this forceful selling 
>>>of
>>>  TLS in the name of privacy and security while systematically 
>>>stonewalling
>>>  any attempt to consider the parts of the protocol that are used to 
>>>data
>>>  mine users now (let's use the business term not emotional appeals).
>>>
>>>  --
>>>  Nicolas Mailhot
>>>
>>>
>>
>>
>
Received on Tuesday, 19 November 2013 22:32:01 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC