Re: Moving forward on improving HTTP's security

I second Karl's point. I think you'd get a lot more people on board if 
you simplified the processes surrounding SSL, from configuration to 
dealing with CAs. Running a CA is both an expensive and complex 
operation. As a result, dealing with them is equally painful and expensive.

If you could improve these fronts, you'd have my vote.


On 13/11/2013 6:09 PM, Karl Dubost wrote:
> (trimming the cc)
> Le 13 nov. 2013 à 15:41, Mike Belshe <> a écrit :
>>      c) otherwise actively leveraging plaintext HTTP today for business or pleasure
> I'm one of this (indeed rare) person who is having a Web site, do not have analytics, do not have comments, or anything, do not set any cookies of any sort, etc. Plain HTTP works for me in the sense that it is easy to set up, and hack. Installing a server and requiring certificates is still not easy (in my scale of easy).
> We should definitely push for better security. Make HTTP2 dependent on security everywhere might make it harder if the rest of the stack doesn't follow: Aka make it as dead simple to enable security than to start an http server. :)

Received on Thursday, 14 November 2013 05:32:54 UTC