Re[2]: HTTP2 Expression of Interest from Adrien de Croy on 2012-07-18 (ietf-http-wg@w3.org from July to September 2012)

From: Adrien de Croy <adrien@qbik.com>
Date: Wed, 18 Jul 2012 08:52:51 +0000
To: "Mike Belshe" <mike@belshe.com>, "Henrik Frystyk Nielsen" <henrikn@microsoft.com>
Cc: "Julian Reschke" <julian.reschke@gmx.de>, "Willy Tarreau" <w@1wt.eu>, "Phillip Hallam-Baker" <hallam@gmail.com>, "Rajeev Bector" <rbector@yahoo-inc.com>, "Martin Thomson" <martin.thomson@gmail.com>, Martin J. Dürst <duerst@it.aoyama.ac.jp>, "Doug Beaver" <doug@fb.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <ema1dd9e60-1caa-4640-8204-a114f105b583@reboist>

------ Original Message ------
From: "Mike Belshe" mike@belshe.com
>
>
>On Wed, Jul 18, 2012 at 1:26 AM, Henrik Frystyk Nielsen <henrikn@microsoft.com> wrote:
> Mike,
> 
> I think the reason why your argument fails to convince is that it is 
> made at the wrong layer. 

 I don't think it fails to convince.  I'm winning this argument by a 
 mile!  I'd be happy to take a poll to find out.

It must be getting very late there Mike, we appreciate your engagement 
in the issue, but I don't think it's accurate to claim you're even 
ahead in the argument.

Adrien

>
>mike
>
>

> It is essentially not an HTTP issue but a content provider issue 
> whether content is exposed over TLS or not. Every content provider 
> today has the option of using TLS or not -- some has chosen to use it 
> and others not. It would be much more beneficial if you could 
> convince content providers that is it a good idea for them to use 
> TLS. 

  I think you would feel the same if I argued that TCP should be 
  abandoned in favor or TLS throughout the Internet. Clearly that would 
  feel like overreach from a policy point of view that doesn't reflect 
  what TCP is actually used for.

  I doubt you will find anybody who will "vote against the user" but it 
  also somewhat naïve to say that the user is "safe" if we use TLS. 

 Having TLS does not make you safe.  But not having it *does* make you 
 unsafe.

 Mike

  There are so many other aspects (privacy, tracking, etc.) that 
  directly involve content providers directly so rather than focusing 
  on one particular aspect (TLS) I would argue that the right 
  discussion to have is with content providers about what it means to 
  expose data in a safe manner. Not whether TLS should be mandatory in 
  HTTP or not.

  Henrik

  -----Original Message-----
  From: Julian Reschke [mailto:julian.reschke@gmx.de]
  Sent: Wednesday, July 18, 2012 1:04 AM
  To: Mike Belshe
  Cc: Willy Tarreau; Phillip Hallam-Baker; Adrien W. de Croy; Rajeev 
  Bector; Martin Thomson; "Martin J. Dürst"; Doug Beaver; ietf-http-wg@w3.org
  Subject: Re: HTTP2 Expression of Interest

  On 2012-07-18 09:50, Mike Belshe wrote:
  > ...
  > It does not go without notice from me that the battle lines are 
  drawn
  > around which type of developer you are.  Browser developers and 
  social
  > content providers are all in the protect-the-users camp (encrypt
  > everything).  Proxy vendors, which have an uncertain role in an
  > encrypted future, are unilaterally against it.  This is a power
  > struggle of products.  Are the endpoints in charge?  Or is the 3rd
  > party middleman in charge?
  >
  > Again, I vote for the user.
  > ...

  The user wants security. But the user also wants speed, or the 
  ability to access a site from an environment that insists on opening 
  the connection.

  Best regards, Julian

Received on Wednesday, 18 July 2012 08:53:18 UTC