There is a separate argument for authenticated vs non-authenticated TLS that from a security perspective. -=R On Nov 14, 2013 10:35 AM, "James M Snell" <jasnell@gmail.com> wrote: > As far as I can tell, none of us who are saying no to mandatory TLS > aren't wishing "for plaintext http2 over the internet on port 80". By > all means, make HTTP2 over TLS the default setup. What we are saying > is that making HTTP2 over TLS *mandatory* is not the right thing to > do. > > On Thu, Nov 14, 2013 at 12:25 PM, Roberto Peon <grmocg@gmail.com> wrote: > > As I seem to be saying over and over... > > > > We can wish for plaintext http2 over the internet on port 80 as much as > we > > want, but it won't happen since it is not reliable, and the nature of > that > > unreliability is not predictable. > > > > Few websites will be willing to turn on http2 if it means losing 10-20% > of > > their user base. And that really is what we are talking about. > > > > -=R > > > > On Nov 14, 2013 8:40 AM, "Julian Reschke" <julian.reschke@gmx.de> wrote: > >> > >> On 2013-11-14 18:49, Roberto Peon wrote: > >>> > >>> There is a means of opting out, however, which exists and is widely > >>> deployed: http1 > >> > >> > >> And the WG has a mandate to develop a replacement for 1.1, called 2.0. > If > >> we do not indent to develop that protocol anymore, we should re-charter. > >> > >>> There was near unanimity at the plenary that we should do something > >>> about pervasive monitoring, and while I don't believe that there were > >>> any actuonable , unambiguous dieectuves , the spirit of the room was > >>> quite clear. The IETF intends to attempt to do something about this. > >> > >> > >> Yes. What we disagree on what that means for HTTP: URIs. > >> > >>> ... > >> > >> > >> Best regards, Julian >
Received on Thursday, 14 November 2013 20:39:49 UTC