- From: Martin Nilsson <nilsson@opera.com>
- Date: Mon, 30 Jul 2012 19:14:19 +0200
- To: ietf-http-wg@w3.org
On Mon, 30 Jul 2012 17:09:57 +0200, patrick mcmanus <pmcmanus@mozilla.com> wrote: > On 7/30/2012 12:02 AM, Poul-Henning Kamp wrote: >> >> It is not clear to me exactly what these major implementers mean when >> they say "TLS is mandatory" >> >> Do they mean "TLS MUST be supported" or "TLS MUST be used" ? > > I mean that HTTP/2 must be secure against (at least) passive > eavesdropping attacks at all times. TLS is the bird-in-hand for that > right now, but it does not exclude other solutions. Other properties of > TLS are desirable too, but they don't necessarily rise to the level of > mandatory to implement for me. > I think such requirement will immediately prompt development of HTTP/2-light without TLS for use in intra-data-center communications (and China and India). /Martin Nilsson -- Using Opera's revolutionary email client: http://www.opera.com/mail/
Received on Monday, 30 July 2012 17:14:52 UTC