W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: Re[2]: Some reasons why mandating use ofSSL for HTTP is a really bad idea

From: James M Snell <jasnell@gmail.com>
Date: Tue, 17 Jul 2012 23:35:58 -0700
Message-ID: <CABP7RbfZ4bq7MH6JBkgJ6XMdw3DwY3uMQbuWtSGLB92qSPMmrg@mail.gmail.com>
To: Mike Belshe <mike@belshe.com>
Cc: "Adrien W. de Croy" <adrien@qbik.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Tue, Jul 17, 2012 at 10:09 PM, Mike Belshe <mike@belshe.com> wrote:

> [snip]
>> E.g. China, India, several mid-eastern and former soviet countries.
>>   [snip]
> Well, when you've got a specific country to talk about, please raise the
> issue.
Well.. there's China for one.. A quick google search reveals that current
Chinese IT Law apparently forbids Chinese citizens from utilizing
self-developed encryption products and in fact must seek the governments
permission to purchase and use any product that provides encryption
services. Requiring TLS for SPDY would, apparently, make it effectively
illegal for anyone in China to roll their own HTTP/2.0 implementation
without getting the governments approval. Now I'm far from being an expert
on Chinese IT Law but that seems rather counter productive to me.

- James
Received on Wednesday, 18 July 2012 06:36:48 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:03 UTC