Re: HTTP 2.0 mandatory security vs. Amateur Radio from Roberto Peon on 2013-11-14 (ietf-http-wg@w3.org from October to December 2013)

From: Roberto Peon <grmocg@gmail.com>
Date: Thu, 14 Nov 2013 13:14:25 -0800
To: Bruce Perens <bruce@perens.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, James Snell <jasnell@gmail.com>
Message-ID: <CAP+FsNdsk8Kg7QeRCieG4SwhSp8HGRFQDK6KKcF=+SwAGG9DWg@mail.gmail.com>

Ha! Nice turn of phrase there.

I don't see how anyone developing http could have expected what has
developed.

The same has happened to TCP-- middleboxes assume to know things about the
protocol and hinder deployment of features.

Non http1 plaintext on port 80 today doesn't work because proxies developed
expectations about what is going to traverse port 80-- namely a subset of
http1.

-=R
 On Nov 14, 2013 10:51 AM, "Bruce Perens" <bruce@perens.com> wrote:

>  On 11/14/2013 12:21 PM, Roberto Peon wrote:
>
>
> We can wish honey dreams all day and night long of a web where deploying
> plaintext works
>
> Gosh, how badly that dumb Tim B-L failed because he didn't encrypt from
> the very start. The web might have been a success if he'd just listened to
> you. :-)
>
> Plaintext works if you aren't attempting to subvert the entire protocol by
> tunneling through it.
>

Received on Thursday, 14 November 2013 21:14:52 UTC