Discussion of mandatory encryption / privacy impact / etc.

Folks,

We discussed these topics in the second meeting last week. The feeling in the room there needs to be confirmed as consensus around the new charter on this list, but as it is, this topic (mandatory TLS, impact of use of TLS, finer aspects of privacy) should be assumed to be off-topic for this list.

In an nutshell, while we are talking about mechanisms to negotiate or otherwise enable the use of TLS in various situations, we are not talking about what's mandatory to use, the impact of that decision, etc. These discussions are appropriate in places that define the use of HTTP (e.g., in coordination between browser vendors, such as in the W3C), not the protocol definition itself.

If we somehow fail to get consensus on this aspect of the charter (very doubtful, based on what I saw expressed in Vancouver), we can reopen this discussion, but as it is, it isn't helping.

Thanks,

--
Mark Nottingham
http://www.mnot.net/

Received on Monday, 6 August 2012 18:51:08 UTC