W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Fwd: New Version Notification for draft-nottingham-http2-encryption-02.txt

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sat, 14 Dec 2013 19:20:40 +0000
Message-ID: <52ACAF88.2040202@cs.tcd.ie>
To: "William Chan (陈智昌)" <willchan@chromium.org>, Paul Hoffman <paul.hoffman@gmail.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>

Possibly a different thread really but...

On 12/14/2013 05:20 AM, William Chan (陈智昌) wrote:
> Anyhow,
> we don't support any type of opportunistic encryption, especially
> unauthenticated. We want people to use https://, therefore we more or
> less only plan to support HTTP/2 for https:// URIs. Let me know if
> this still leaves anything unclear.

What that leaves unclear for me is how the current 30-40% of web
sites that are setup for some form of TLS will suddenly become
99%. Without some other action on helping sites get certs, it
just won't happen would be my prediction.

I think its all the more puzzling when contrasted with other cases
where people claim that we can't do X because that'd cause a problem
for 1% of the web, but yet here you seem to be saying its ok to
do this when it'd cause a problem for 60-70% of the web. (I don't
recall whether or not you've made such claim William.)

Even if only as a backup in case that 30-40% -> 99% transition
fails, I'd hope folks do continue working on ways to provide
opportunistic encryption for HTTP/2.0.

On the current draft - its seems quite odd to ignore the existing
anon-DH ciphersuites when trying to do opportunistic encryption.

S.
Received on Saturday, 14 December 2013 19:21:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:20 UTC