Re: HTTP2 Expression of Interest from Mike Belshe on 2012-07-18 (ietf-http-wg@w3.org from July to September 2012)

From: Mike Belshe <mike@belshe.com>
Date: Wed, 18 Jul 2012 01:48:17 -0700
To: Henrik Frystyk Nielsen <henrikn@microsoft.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, Willy Tarreau <w@1wt.eu>, Phillip Hallam-Baker <hallam@gmail.com>, "Adrien W. de Croy" <adrien@qbik.com>, Rajeev Bector <rbector@yahoo-inc.com>, Martin Thomson <martin.thomson@gmail.com>, "Martin J. Dürst" <duerst@it.aoyama.ac.jp>, Doug Beaver <doug@fb.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CABaLYCtx_PNFrTxkbjgnKpuGX=n8GerzxSQrbfGAKr1qbJzPMg@mail.gmail.com>

On Wed, Jul 18, 2012 at 1:26 AM, Henrik Frystyk Nielsen <
henrikn@microsoft.com> wrote:

> Mike,
>
> I think the reason why your argument fails to convince is that it is made
> at the wrong layer.


I don't think it fails to convince.  I'm winning this argument by a mile!
 I'd be happy to take a poll to find out.

mike




> It is essentially not an HTTP issue but a content provider issue whether
> content is exposed over TLS or not. Every content provider today has the
> option of using TLS or not -- some has chosen to use it and others not. It
> would be much more beneficial if you could convince content providers that
> is it a good idea for them to use TLS.


> I think you would feel the same if I argued that TCP should be abandoned
> in favor or TLS throughout the Internet. Clearly that would feel like
> overreach from a policy point of view that doesn't reflect what TCP is
> actually used for.
>
> I doubt you will find anybody who will "vote against the user" but it also
> somewhat naïve to say that the user is "safe" if we use TLS.


Having TLS does not make you safe.  But not having it *does* make you
unsafe.

Mike



> There are so many other aspects (privacy, tracking, etc.) that directly
> involve content providers directly so rather than focusing on one
> particular aspect (TLS) I would argue that the right discussion to have is
> with content providers about what it means to expose data in a safe manner.
> Not whether TLS should be mandatory in HTTP or not.
>
> Henrik
>
> -----Original Message-----
> From: Julian Reschke [mailto:julian.reschke@gmx.de]
> Sent: Wednesday, July 18, 2012 1:04 AM
> To: Mike Belshe
> Cc: Willy Tarreau; Phillip Hallam-Baker; Adrien W. de Croy; Rajeev Bector;
> Martin Thomson; "Martin J. Dürst"; Doug Beaver; ietf-http-wg@w3.org
> Subject: Re: HTTP2 Expression of Interest
>
> On 2012-07-18 09:50, Mike Belshe wrote:
> > ...
> > It does not go without notice from me that the battle lines are drawn
> > around which type of developer you are.  Browser developers and social
> > content providers are all in the protect-the-users camp (encrypt
> > everything).  Proxy vendors, which have an uncertain role in an
> > encrypted future, are unilaterally against it.  This is a power
> > struggle of products.  Are the endpoints in charge?  Or is the 3rd
> > party middleman in charge?
> >
> > Again, I vote for the user.
> > ...
>
> The user wants security. But the user also wants speed, or the ability to
> access a site from an environment that insists on opening the connection.
>
> Best regards, Julian
>
>
>
>
>
>
>

Received on Wednesday, 18 July 2012 08:48:45 UTC