- From: patrick mcmanus <pmcmanus@mozilla.com>
- Date: Mon, 26 Mar 2012 10:55:38 +0200
- To: ietf-http-wg@w3.org
Hi Roy, On 3/26/2012 10:10 AM, Roy T. Fielding wrote: > On Mar 26, 2012, at 9:44 AM, patrick mcmanus wrote: > > > I've never considered SSL to be a means of securing the protocol. I'm fine with another answer to security if there is a better one available. My expectation is that SSL will evolve to solve some of its shortcomings and that is a reasonable train to be linked on to. > > In any case, the notion that every user wants a secure protocol is > irrelevant. I disagree. To me its fundamental and the checkered history of HTTP/1 in this space should inform the next revision. > There are many examples of HTTP use, in practice, for > which SSL/TLS is neither desired nor appropriate. Even simple things, > like the exchange that Apple devices use to discover network access point > logins, cannot work with an assumption of SSL/TLS. Can you explain the Apple use case in detail? That sounds interesting, although I don't have the presumption that this has to be the only protocol to satisfy every use case.
Received on Monday, 26 March 2012 08:56:03 UTC