- From: Adrien W. de Croy <adrien@qbik.com>
- Date: Mon, 30 Jul 2012 22:31:00 +0000
- To: "patrick mcmanus" <pmcmanus@mozilla.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
------ Original Message ------ From: "patrick mcmanus" <pmcmanus@mozilla.com> To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org> Sent: 31/07/2012 3:09:57 a.m. Subject: Re: HTTP 2.0 and a Faster, more Mobile-friendly web >On 7/30/2012 12:02 AM, Poul-Henning Kamp wrote: >> >>It is not clear to me exactly what these major implementers mean when >>they say "TLS is mandatory" >> >>Do they mean "TLS MUST be supported" or "TLS MUST be used" ? > >I mean that HTTP/2 must be secure against (at least) passive >eavesdropping attacks at all times. TLS is the bird-in-hand for that >right now, but it does not exclude other solutions. Other properties >of TLS are desirable too, but they don't necessarily rise to the level >of mandatory to implement for me. > by "must be secure", I take it you mean "TLS must be used". Correct? Otherwise you'd have said "must be securable" or similar? Adrien > >
Received on Monday, 30 July 2012 22:31:26 UTC