Re: HTTP2 Expression of Interest

On Wed, Jul 18, 2012 at 1:26 AM, Henrik Frystyk Nielsen <> wrote:

> Mike,
> I think the reason why your argument fails to convince is that it is made
> at the wrong layer.

I don't think it fails to convince.  I'm winning this argument by a mile!
 I'd be happy to take a poll to find out.


> It is essentially not an HTTP issue but a content provider issue whether
> content is exposed over TLS or not. Every content provider today has the
> option of using TLS or not -- some has chosen to use it and others not. It
> would be much more beneficial if you could convince content providers that
> is it a good idea for them to use TLS.

> I think you would feel the same if I argued that TCP should be abandoned
> in favor or TLS throughout the Internet. Clearly that would feel like
> overreach from a policy point of view that doesn't reflect what TCP is
> actually used for.
> I doubt you will find anybody who will "vote against the user" but it also
> somewhat naïve to say that the user is "safe" if we use TLS.

Having TLS does not make you safe.  But not having it *does* make you


> There are so many other aspects (privacy, tracking, etc.) that directly
> involve content providers directly so rather than focusing on one
> particular aspect (TLS) I would argue that the right discussion to have is
> with content providers about what it means to expose data in a safe manner.
> Not whether TLS should be mandatory in HTTP or not.
> Henrik
> -----Original Message-----
> From: Julian Reschke []
> Sent: Wednesday, July 18, 2012 1:04 AM
> To: Mike Belshe
> Cc: Willy Tarreau; Phillip Hallam-Baker; Adrien W. de Croy; Rajeev Bector;
> Martin Thomson; "Martin J. Dürst"; Doug Beaver;
> Subject: Re: HTTP2 Expression of Interest
> On 2012-07-18 09:50, Mike Belshe wrote:
> > ...
> > It does not go without notice from me that the battle lines are drawn
> > around which type of developer you are.  Browser developers and social
> > content providers are all in the protect-the-users camp (encrypt
> > everything).  Proxy vendors, which have an uncertain role in an
> > encrypted future, are unilaterally against it.  This is a power
> > struggle of products.  Are the endpoints in charge?  Or is the 3rd
> > party middleman in charge?
> >
> > Again, I vote for the user.
> > ...
> The user wants security. But the user also wants speed, or the ability to
> access a site from an environment that insists on opening the connection.
> Best regards, Julian

Received on Wednesday, 18 July 2012 08:48:45 UTC