If the only down-side to mandating crypto was that some links that didn't really need it had to implement it, I wouldn't be so strongly against it. But there are scenarios where crypto for HTTP is either impossible, illegal, or highly undesirable. Mandating it is simply incompatible with reality. ------ Original Message ------ From: "James M Snell" <jasnell@gmail.com> To: "Tim Bray" <tbray@textuality.com> Cc: "Doug Beaver" <doug@fb.com>;"Willy Tarreau" <w@1wt.eu>;"ietf-http-wg@w3.org" <ietf-http-wg@w3.org> Sent: 18/07/2012 10:53:38 a.m. Subject: Re: HTTP2 Expression of Interest >Mandatory end-to-end encryption does not make sense. There are >countless scenarios where TLS just isn't necessary. Yes, we can do a >better job but forcing it to be used in scenarios where there is no >PII at risk is just pointless. >- James > >On Tue, Jul 17, 2012 at 3:31 PM, Tim Bray <tbray@textuality.com> wrote: > Pulling a really important paragraph out of Doug’s (long) posting, in > the hope that more people will thus read it. > > On Tue, Jul 17, 2012 at 3:11 PM, Doug Beaver <doug@fb.com> wrote: > > > I think all those positions can be valid. I just happen to think > that even > > given all the above, it is still better to mandate encryption and > give better > > privacy to Internet users than it is to punt the ball down the > field another > > twenty years. > > What he said. -T >
Received on Wednesday, 18 July 2012 02:04:10 UTC