- From: 陈智昌 <willchan@chromium.org>
- Date: Wed, 13 Nov 2013 11:16:52 -0800
- To: Tao Effect <contact@taoeffect.com>
- Cc: Martin Thomson <martin.thomson@gmail.com>, Mike Belshe <mike@belshe.com>, Tim Bray <tbray@textuality.com>, James M Snell <jasnell@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAA4WUYjea3r4ng9uxxNLY1b=XBJ9efAVsn7uUBDwu++FZxTgUA@mail.gmail.com>
On Wed, Nov 13, 2013 at 11:12 AM, Tao Effect <contact@taoeffect.com> wrote: > On Nov 13, 2013, at 2:06 PM, William Chan (陈智昌) <willchan@chromium.org> > wrote: > > Would it be unreasonable to request that we also not debate PR here, > unless it's directly pertinent to the internet drafts we are standardizing? > I don't really want to change how we do things just because of news > headlines on tech sites. > > > You're not being asked to change "how you do things". > > You're being asked to not spread potentially dangerous misinformation. > Sorry, if we're spreading potentially dangerous misinformation, let's fix that. Can you identify which internet draft has said information so we can fix it? > > - Greg > > -- > Please do not email me anything that you are not comfortable also sharing > with the NSA. > > On Nov 13, 2013, at 2:06 PM, William Chan (陈智昌) <willchan@chromium.org> > wrote: > > Would it be unreasonable to request that we also not debate PR here, > unless it's directly pertinent to the internet drafts we are standardizing? > I don't really want to change how we do things just because of news > headlines on tech sites. I'd rather discuss the technical merits of > encouraging further use of secure communication channels in the various > situations described in Mark's original email. > > > On Wed, Nov 13, 2013 at 10:53 AM, Tao Effect <contact@taoeffect.com>wrote: > >> OK, I agree with this sentiment. >> >> What worries me is the emphasis that I see being placed on HTTP 2.0 being >> "secure". >> >> Perhaps it is somewhat of a marketing problem, but nevertheless, it's a >> marketing problem with potentially serious security consequences. >> >> If HTTP/2.0 is flexible enough to allow for very different types of >> authentication practices than the ones currently done with the PKI/CA >> system, then I would support it. >> >> Just make it *_clear_* then that HTTP/2.0 *is not about improving >> security.* >> >> If this is not made crystal clear, then people will continue to see news >> headlines on tech sites that give people the impression that something is >> actually being done to improve the internet's security with this "move to >> HTTP 2.0!", which is horse sh*t. >> >> - Greg >> >> -- >> Please do not email me anything that you are not comfortable also sharing >> with the NSA. >> >> On Nov 13, 2013, at 1:47 PM, Martin Thomson <martin.thomson@gmail.com> >> wrote: >> >> On 13 November 2013 10:42, William Chan (陈智昌) <willchan@chromium.org> >> wrote: >> >> If there are issues with TLS or the PKI or whatever we're relying on for >> the >> secure channel, let's fix it. >> >> >> Yes. We outsource the bulk of HTTP security work to the SEC area >> working groups, primarily TLS. They are acutely aware of the issues >> and are working on improving the situation. Let's concentrate on what >> we can do. >> >> >> > >
Received on Wednesday, 13 November 2013 19:17:19 UTC