Re: Moving forward on improving HTTP's security

On Thu, Nov 14, 2013 at 12:13 PM, Zhong Yu <zhong.j.yu@gmail.com> wrote:

>
> If that's the case, WebSocket is also "undeployable" since it tunnels
> though port 80 as well.
>
>
that's right. The failure rate of cleartext websockets is much higher than
SSL wss:// websockets. (the failure rate is almost twice as large in
firefox). That's a significant part of the driver here. Websockets made a
mistake by even specifying cleartext. I was there and I've learned that
lesson.

cleartext just doesn't work as, roberto keeps saying.

The only question in my mind is whether or not to require a real
PKI-as-we-know-it authenticated cert. That has tradeoffs - but at least we
expect it would operate.

Received on Thursday, 14 November 2013 17:34:47 UTC