Re: HTTP 2.0 and a Faster, more Mobile-friendly web from patrick mcmanus on 2012-07-30 (ietf-http-wg@w3.org from July to September 2012)

From: patrick mcmanus <pmcmanus@mozilla.com>
Date: Mon, 30 Jul 2012 08:09:57 -0700
To: ietf-http-wg@w3.org
Message-ID: <5016A3C5.2030708@mozilla.com>

On 7/30/2012 12:02 AM, Poul-Henning Kamp wrote:
>
> It is not clear to me exactly what these major implementers mean when
> they say "TLS is mandatory"
>
> Do they mean "TLS MUST be supported" or "TLS MUST be used" ?

I mean that HTTP/2 must be secure against (at least) passive 
eavesdropping attacks at all times. TLS is the bird-in-hand for that 
right now, but it does not exclude other solutions. Other properties of 
TLS are desirable too, but they don't necessarily rise to the level of 
mandatory to implement for me.

Received on Monday, 30 July 2012 15:10:34 UTC