- From: Peter Saint-Andre <stpeter@stpeter.im>
- Date: Thu, 19 Jul 2012 15:48:42 -0600
- To: Mike Belshe <mike@belshe.com>
- CC: Phillip Hallam-Baker <hallam@gmail.com>, httpbis mailing list <ietf-http-wg@w3.org>
On 7/19/12 3:29 PM, Mike Belshe wrote: > > > On Thu, Jul 19, 2012 at 12:46 PM, Phillip Hallam-Baker <hallam@gmail.com > <mailto:hallam@gmail.com>> wrote: > > Adam is speaking about the use of HTTP in Web browsing. There is no > question that TLS should always be on for Web browsing. > > > Oh! > > I'd be happy with this compromise. At the protocol level, there is no such thing as web browsing vs. web services, there's just HTTP. Jeff Hodges likes to talk about web applications. [1] Sure, you want your banking app to be TLS-protected with HSTS and so on. For visiting your friend's website of cat pictures, not so much. They're both "web browsing", but the use cases are totally different. Why would we treat them the same? And how are they fundamentally different from web services? Peter [1] https://datatracker.ietf.org/doc/draft-hodges-websec-framework-reqs/
Received on Thursday, 19 July 2012 21:49:10 UTC