W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Moving forward on improving HTTP's security

From: Karl Dubost <karl@la-grange.net>
Date: Wed, 13 Nov 2013 18:09:25 -0500
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <2CD41345-E297-4FB7-9050-2951BBB57592@la-grange.net>
To: Mike Belshe <mike@belshe.com>
(trimming the cc)

Le 13 nov. 2013 à 15:41, Mike Belshe <mike@belshe.com> a écrit :
>     c) otherwise actively leveraging plaintext HTTP today for business or pleasure

I'm one of this (indeed rare) person who is having a Web site, do not have analytics, do not have comments, or anything, do not set any cookies of any sort, etc. Plain HTTP works for me in the sense that it is easy to set up, and hack. Installing a server and requiring certificates is still not easy (in my scale of easy).

We should definitely push for better security. Make HTTP2 dependent on security everywhere might make it harder if the rest of the stack doesn't follow: Aka make it as dead simple to enable security than to start an http server. :)

Karl Dubost
Received on Wednesday, 13 November 2013 23:09:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:19 UTC