Re: Re[2]: Some reasons why mandating use ofSSL for HTTP is a really bad idea from James M Snell on 2012-07-18 (ietf-http-wg@w3.org from July to September 2012)

From: James M Snell <jasnell@gmail.com>
Date: Tue, 17 Jul 2012 23:35:58 -0700
To: Mike Belshe <mike@belshe.com>
Cc: "Adrien W. de Croy" <adrien@qbik.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CABP7RbfZ4bq7MH6JBkgJ6XMdw3DwY3uMQbuWtSGLB92qSPMmrg@mail.gmail.com>

On Tue, Jul 17, 2012 at 10:09 PM, Mike Belshe <mike@belshe.com> wrote:

>
> [snip]
>
>> E.g. China, India, several mid-eastern and former soviet countries.
>>
>>   [snip]
> Well, when you've got a specific country to talk about, please raise the
> issue.
>
>
Well.. there's China for one.. A quick google search reveals that current
Chinese IT Law apparently forbids Chinese citizens from utilizing
self-developed encryption products and in fact must seek the governments
permission to purchase and use any product that provides encryption
services. Requiring TLS for SPDY would, apparently, make it effectively
illegal for anyone in China to roll their own HTTP/2.0 implementation
without getting the governments approval. Now I'm far from being an expert
on Chinese IT Law but that seems rather counter productive to me.

- James

Received on Wednesday, 18 July 2012 06:36:48 UTC