Re: The TLS hammer and resource integrity

In message <CAJ3HoZ1bnmAs=xR-A9SE6ukYNHS5R--pXTx8T2QN0mabfx1U7Q@mail.gmail.com>
, Robert Collins writes:

>> Remember that HTTP/2.0 is an offer we can make, not a law we can enforce.
>
>Its entirely possible as the risks of unencrypted traffic grow, that
>jurisdictions will bring in legislation that makes it illegal *not* to
>take reasonable steps to protect the personal information of users of
>a service.

Uhm, that is _already_ the case in EU.

HTTPS works fine for that.


>So, while it is true that *one* factor we have to consider when
>assessing *concrete proposals* is whether the proposal as a whole will
>be seen as an improvement by *most* HTTP implementors, 

I don't think making TLS mandatory should be resolved on some kind of
pissing contest about what "most" means.

There are legitimate use cases for having TLS and for not having TLS
and we need to cater to both use cases if we want HTTP/2.0 to be
relevant.

IPv6 catered to only one end of the wire, and that's why it has taken
it 20 years to get nowhere.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Thursday, 29 March 2012 07:58:34 UTC