- From: Willy Tarreau <w@1wt.eu>
- Date: Thu, 14 Nov 2013 00:22:29 +0100
- To: James M Snell <jasnell@gmail.com>
- Cc: Mike Belshe <mike@belshe.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "William Chan (?????????)" <willchan@chromium.org>, Tao Effect <contact@taoeffect.com>, Tim Bray <tbray@textuality.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Nov 13, 2013 at 02:40:24PM -0800, James M Snell wrote: > Strongly recommending the use of TLS is fine; even making it the > default option is fine; mandating TLS is not fine and could be > actively counterproductive to addressing the real underlying problems > by either providing a false sense of security or by actively > encouraging abuse. Perfectly agreed. I think that Mark's proposal of http2 by default for TLS and 1.1 by default for HTTP is fine and balanced. It provides incentive without making things mandatory. You want better experience ? Use HTTP/2 with security. If a web site cares about response time it will support HTTP/2 with security. Those who don't care will not have to make that jump. And those who want/need to have the features of HTTP/2 without security for whatever reasons will simply have to change their browser's settings, use another browser, or maybe will just use some libs or command line tools because this will not be about a browser at all. Willy
Received on Wednesday, 13 November 2013 23:23:00 UTC