Re: Protocol Design 101 (Re: Mandatory encryption) from Paul Hoffman on 2012-07-18 (ietf-http-wg@w3.org from July to September 2012)

From: Paul Hoffman <paul.hoffman@gmail.com>
Date: Wed, 18 Jul 2012 08:50:33 -0700
To: Carsten Bormann <cabo@tzi.org>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <CAPik8yZgXkhN+KAd_dSJShKp3BZPpTxENALj-OizjDmUX-UZBQ@mail.gmail.com>

Given your views, would it be a good protocol design to require TLS
for server authentication, and to allow but not require encryption?
That is, do you think HTTP 2.0 with no mandatory server authentication
is a good or bad protocol design?

--Paul Hoffman

Received on Wednesday, 18 July 2012 15:51:04 UTC