W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: HTTP 2.0 mandatory security vs. Amateur Radio

From: Roberto Peon <grmocg@gmail.com>
Date: Thu, 14 Nov 2013 01:19:00 -0800
Message-ID: <CAP+FsNe0nUVao-FXw+ZqFZ8JBsw1XfqhuOW9ErTC0yr8sTKDCg@mail.gmail.com>
To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Bruce Perens <bruce@perens.com>
On Nov 13, 2013 11:09 PM, "Nicolas Mailhot" <nicolas.mailhot@laposte.net>
> Le Jeu 14 novembre 2013 09:16, Roberto Peon a écrit :
> > One of the reasons why http/1.1 is what people use on port 80 is because
> > that is all which reliably traverses it.
> And it reliably traverses it because there is a wide array of solutions on
> the market that permit its filtering. If you remove this security
> property, port 80 reliable availability will become something of the past
> and it will join the long list of protocols too annoying to control to be
> permitted on network boundaries.

No, you have this backwards.


> Most people do not trust random server hosts on the Internet. Mandatory
> TLS assume they will. Given how diverse the human population is, there is
> no chance in hell for that to happen. (yes this wg can remove possibility
> of fine-grained filtering. You'll see people dropping whole continents at
> the ip level instead, like already happens for mail).
> There have still not been any explanation why traffic must be 100%
> encrypted. People do not wear black balaclavas by default in real life
> just in case a CCTV camera or a Google car passes by.

Are you not current with the news about pervasive monitoring?


> --
> Nicolas Mailhot
Received on Thursday, 14 November 2013 09:19:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:19 UTC