- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 13 Nov 2013 15:26:56 +0100
- To: Tao Effect <contact@taoeffect.com>, Bjoern Hoehrmann <derhoermi@gmx.net>
- CC: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 2013-11-13 15:20, Tao Effect wrote: > Hi list! > > I only just heard about this discussion now, and so I signed up on the list. > > I strongly urge the HTTP working group and the IETF (if that's a different entity) to not rush this and allow more time for feedback from the internet community. > > The IETF is not the internet, and I assure you that there are a lot of people out there working on various solutions independently. They have valuable ideas to share, and feedback to offer. I think it's worth giving them a chance to speak before declaring something "HTTP 2.0". > > What I have read so far of the suggestions here leads me to think the ideas are still very immature. > > Correct me if I'm wrong, but is "HTTP/2.0" still using today's PKI/CA system? > > If so, it is not worthy of the "2.0" designation, as any system that preserves this broken system does not provide any meaningful security guarantees. > ... Both 1.1 and 2.0 use the PKI/CA system only by indirection (through TLS). I agree that there are problems with this system, but addressing those needs to happen in a different working group. Best regards, Julian
Received on Wednesday, 13 November 2013 14:27:29 UTC