- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 19 Jul 2012 17:24:37 -0700
- To: Peter Saint-Andre <stpeter@stpeter.im>
- Cc: Mike Belshe <mike@belshe.com>, Phillip Hallam-Baker <hallam@gmail.com>, httpbis mailing list <ietf-http-wg@w3.org>
On Thu, Jul 19, 2012 at 2:48 PM, Peter Saint-Andre <stpeter@stpeter.im> wrote: > On 7/19/12 3:29 PM, Mike Belshe wrote: >> On Thu, Jul 19, 2012 at 12:46 PM, Phillip Hallam-Baker <hallam@gmail.com >> <mailto:hallam@gmail.com>> wrote: >> >> Adam is speaking about the use of HTTP in Web browsing. There is no >> question that TLS should always be on for Web browsing. >> >> >> Oh! >> >> I'd be happy with this compromise. > > At the protocol level, there is no such thing as web browsing vs. web > services, there's just HTTP. Jeff Hodges likes to talk about web > applications. [1] Sure, you want your banking app to be TLS-protected > with HSTS and so on. For visiting your friend's website of cat pictures, > not so much. They're both "web browsing", but the use cases are totally > different. Why would we treat them the same? Mostly because of economies of scale. We could build entirely different browsers, protocols, and technologies for banking and for cat pictures, but there's a lot of value in using the same primitives for both. There's a cost in the sense that neither gets exactly the stack they would have built for themselves, but the benefits of using commodity infrastructure outweigh those costs. > And how are they fundamentally different from web services? Mostly in that they're accessed via web browsers and browser vendors compete on offering the best security. It's one of the top things users care about in choosing a browser, along with speed and compatibility. Adam
Received on Friday, 20 July 2012 00:25:36 UTC