- From: J Ross Nicoll <jrn@jrn.me.uk>
- Date: Wed, 28 Mar 2012 09:48:25 +0100
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- CC: ietf-http-wg@w3.org
I'd like to add low-power use cases (e.g. sensor networks) to that, as well, where the overhead of TLS is a non-trivial issue both in CPU time and battery power. I maintain that if we try forcing TLS in HTTP 2.0, many people will complain, and then fork their own versions of HTTP 2.0 without TLS. Best case scenario is a single sensible standard that models HTTP without TLS, more likely we'll end up with 2-3 subtly incompatible versions and a huge stack of workarounds to hold the mess together. Ross On 28/03/2012 08:21, Poul-Henning Kamp wrote: > Everything, that is, except performance and choice. There is no way to > get around that mandatory TLS is overkill in many high-volume > applications, most notably p0rn. If you want to kill HTTP/1.1, you > have to make HTTP/2.0 a good idea for the 50% of web traffic > consisting of pink bits. Second, there are places where TLS is simply > not a good idea, either because other security measures are in place, > or because transparency is specifically called for (Think: Flight > Recorder).
Received on Wednesday, 28 March 2012 08:48:55 UTC