------ Original Message ------
From: "Mike Belshe" mike@belshe.com
>
>
>On Wed, Jul 18, 2012 at 1:26 AM, Henrik Frystyk Nielsen <henrikn@microsoft.com> wrote:
> Mike,
>
> I think the reason why your argument fails to convince is that it is
> made at the wrong layer.
I don't think it fails to convince. I'm winning this argument by a
mile! I'd be happy to take a poll to find out.
It must be getting very late there Mike, we appreciate your engagement
in the issue, but I don't think it's accurate to claim you're even
ahead in the argument.
Adrien
>
>mike
>
>
> It is essentially not an HTTP issue but a content provider issue
> whether content is exposed over TLS or not. Every content provider
> today has the option of using TLS or not -- some has chosen to use it
> and others not. It would be much more beneficial if you could
> convince content providers that is it a good idea for them to use
> TLS.
I think you would feel the same if I argued that TCP should be
abandoned in favor or TLS throughout the Internet. Clearly that would
feel like overreach from a policy point of view that doesn't reflect
what TCP is actually used for.
I doubt you will find anybody who will "vote against the user" but it
also somewhat naïve to say that the user is "safe" if we use TLS.
Having TLS does not make you safe. But not having it *does* make you
unsafe.
Mike
There are so many other aspects (privacy, tracking, etc.) that
directly involve content providers directly so rather than focusing
on one particular aspect (TLS) I would argue that the right
discussion to have is with content providers about what it means to
expose data in a safe manner. Not whether TLS should be mandatory in
HTTP or not.
Henrik
-----Original Message-----
From: Julian Reschke [mailto:julian.reschke@gmx.de]
Sent: Wednesday, July 18, 2012 1:04 AM
To: Mike Belshe
Cc: Willy Tarreau; Phillip Hallam-Baker; Adrien W. de Croy; Rajeev
Bector; Martin Thomson; "Martin J. Dürst"; Doug Beaver; ietf-http-wg@w3.org
Subject: Re: HTTP2 Expression of Interest
On 2012-07-18 09:50, Mike Belshe wrote:
> ...
> It does not go without notice from me that the battle lines are
drawn
> around which type of developer you are. Browser developers and
social
> content providers are all in the protect-the-users camp (encrypt
> everything). Proxy vendors, which have an uncertain role in an
> encrypted future, are unilaterally against it. This is a power
> struggle of products. Are the endpoints in charge? Or is the 3rd
> party middleman in charge?
>
> Again, I vote for the user.
> ...
The user wants security. But the user also wants speed, or the
ability to access a site from an environment that insists on opening
the connection.
Best regards, Julian