- From: David Morris <dwm@xpasc.com>
- Date: Fri, 2 Aug 2013 15:56:42 -0700 (PDT)
- To: "'HTTP Working Group'" <ietf-http-wg@w3.org>
No No No ... unless there is a viable spec for intermediaries which can be known to the user and provide services. It isn't our role as the IETF to take what I believe is a political position by insisting all traffic be encrypted. Nor is it our role to insist on the additional deployement expense related to providing full encryption as the cost of entry. On Fri, 2 Aug 2013, Carsten Kr?ger wrote: > Hello, > > first of all sorry for not knowing what happend before in discussion > of http 2.0. > > Is it still possible to change the http 2.0 draft in a way that > all traffic is encrypted? > I'd like to suggest perfect forward secrecy encryption even if proper > authentication is not possible or wished. > > http2:// is ALWAYS pfs encrytped > https2:// is ALWAYS pfs encrytped and server authenticated > > pfs encryption should be not an option but the default for everyone > that uses http2. > > At present time (PRISM, tempora etc.) it should be the goal to prevent > passive sniffing of traffic. > > greetings > Carsten > >
Received on Friday, 2 August 2013 22:57:10 UTC