Re: Some reasons why mandating use ofSSL for HTTP is a really bad idea from Grahame Grieve on 2012-07-18 (ietf-http-wg@w3.org from July to September 2012)

From: Grahame Grieve <grahame@kestral.com.au>
Date: Wed, 18 Jul 2012 14:20:46 +1000
To: Mike Belshe <mike@belshe.com>
Cc: "Adrien W. de Croy" <adrien@qbik.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CAG47hGYP8OVqUbgxUZx=FO-BmbDM_4B6OeQtb0jmBi+R5RECOg@mail.gmail.com>

> Can you enumerate these?  For debugging, of course it makes sense for
> endpoints to have unencrypted modes.

oh? but it was going to be mandatory. Except when it's not? which is it?
If it's mandatory by policy, but not technically actually required,
then... well..
I think I know how that will turn out.

Grahame

Received on Wednesday, 18 July 2012 04:21:14 UTC