- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Thu, 29 Mar 2012 07:58:04 +0000
- To: Robert Collins <robertc@squid-cache.org>
- cc: Henry Story <henry.story@bblfish.net>, patrick mcmanus <pmcmanus@mozilla.com>, ietf-http-wg@w3.org
In message <CAJ3HoZ1bnmAs=xR-A9SE6ukYNHS5R--pXTx8T2QN0mabfx1U7Q@mail.gmail.com> , Robert Collins writes: >> Remember that HTTP/2.0 is an offer we can make, not a law we can enforce. > >Its entirely possible as the risks of unencrypted traffic grow, that >jurisdictions will bring in legislation that makes it illegal *not* to >take reasonable steps to protect the personal information of users of >a service. Uhm, that is _already_ the case in EU. HTTPS works fine for that. >So, while it is true that *one* factor we have to consider when >assessing *concrete proposals* is whether the proposal as a whole will >be seen as an improvement by *most* HTTP implementors, I don't think making TLS mandatory should be resolved on some kind of pissing contest about what "most" means. There are legitimate use cases for having TLS and for not having TLS and we need to cater to both use cases if we want HTTP/2.0 to be relevant. IPv6 catered to only one end of the wire, and that's why it has taken it 20 years to get nowhere. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 29 March 2012 07:58:34 UTC