W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Moving forward on improving HTTP's security

From: James M Snell <jasnell@gmail.com>
Date: Thu, 14 Nov 2013 11:20:19 -0800
Message-ID: <CABP7Rbc2gg_xn+F2gQg1PgCzCta304pZLF6RgOZbiUYAeNYxHg@mail.gmail.com>
To: Michael Sweet <msweet@apple.com>
Cc: Mike Belshe <mike@belshe.com>, William Chan (ι™ˆζ™Ίζ˜Œ) <willchan@chromium.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, Willy Tarreau <w@1wt.eu>, Tao Effect <contact@taoeffect.com>, Tim Bray <tbray@textuality.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Nov 14, 2013 at 11:13 AM, Michael Sweet <msweet@apple.com> wrote:
> Mike,
> On Nov 14, 2013, at 1:22 PM, Mike Belshe <mike@belshe.com> wrote:
> Printers can just use HTTP/1.1 if they don't want to use TLS, just like they
> can use HTTP/1.0 if they don't support HTTP/1.1
> No, actually, they can't use HTTP/1.0 if they do IPP.  IPP mandates a
> minimum of HTTP/1.1 (for chunking, among other reasons).

I personally find this "Printers can just use HTTP/1.1" attitude to be
extremely arrogant. Forcing the use of TLS adds absolutely nothing to
the base function of HTTP/2 and there is no part of HTTP/2
functionality that depends on anything TLS provides.

- James
Received on Thursday, 14 November 2013 19:21:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:19 UTC