- From: Roland Zink <roland@zinks.de>
- Date: Fri, 15 Nov 2013 00:11:22 +0100
- To: ietf-http-wg@w3.org
- Message-ID: <5285589A.7080500@zinks.de>
we can wish of a secure web, but experience from my last hotel stay is that secure web only worked after trying to do an insecure request. So reality is secure web doesn't work reliably. Roland On 14.11.2013 21:21, Roberto Peon wrote: > > It is a fact of deployment, however. > We can wish honey dreams all day and night long of a web where > deploying plaintext works (yes, ignoring the pervasive multi-party > surveillance), but it does little to change reality where it does NOT > work reliably. > > -=R > > On Nov 14, 2013 8:49 AM, "James M Snell" <jasnell@gmail.com > <mailto:jasnell@gmail.com>> wrote: > > On Thu, Nov 14, 2013 at 10:40 AM, Julian Reschke > <julian.reschke@gmx.de <mailto:julian.reschke@gmx.de>> wrote: > > On 2013-11-14 18:49, Roberto Peon wrote: > >> > >> There is a means of opting out, however, which exists and is widely > >> deployed: http1 > > > > > > And the WG has a mandate to develop a replacement for 1.1, > called 2.0. If we > > do not indent to develop that protocol anymore, we should > re-charter. > > > > Very emphatic +1. So far the general sentiment of those pushing for > TLS-only seems to be "If you don't want to be forced to use TLS, > tough, you don't get to play with us then". That's not going to work. > > - James > > > > >> There was near unanimity at the plenary that we should do something > >> about pervasive monitoring, and while I don't believe that > there were > >> any actuonable , unambiguous dieectuves , the spirit of the > room was > >> quite clear. The IETF intends to attempt to do something about > this. > > > > > > Yes. What we disagree on what that means for HTTP: URIs. > > > >> ... > > > > > > Best regards, Julian > > >
Received on Thursday, 14 November 2013 23:11:46 UTC