W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: HTTP 2.0 mandatory security vs. Amateur Radio

From: Ryan Hamilton <rch@google.com>
Date: Thu, 14 Nov 2013 16:28:50 -0800
Message-ID: <CAJ_4DfS-1ebHScyRUe2tPyde0rD2A=3itWr+a7HNyWSzSbqP9w@mail.gmail.com>
To: David Morris <dwm@xpasc.com>
Cc: Bruce Perens <bruce@perens.com>, Roberto Peon <grmocg@gmail.com>, James Snell <jasnell@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>, Julian Reschke <julian.reschke@gmx.de>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
On Thu, Nov 14, 2013 at 4:16 PM, David Morris <dwm@xpasc.com> wrote:

> On Thu, 14 Nov 2013, Bruce Perens wrote:
> > On 11/14/2013 12:21 PM, Roberto Peon wrote:
> >
> >
> >       We can wish honey dreams all day and night long of a web where
> deploying plaintext works
> >
> > Gosh, how badly that dumb Tim B-L failed because he didn't encrypt from
> the very start. The web might have
> > been a success if he'd just listened to you. :-)
> >
> > Plaintext works if you aren't attempting to subvert the entire protocol
> by tunneling through it.
> Yeah, I've been doing web work for 18+ years and this is the first claim
> I've seen that plain text makes the web unreliable.

​Plain-text HTTP/1 is reliable (as Roberto said).  However plain-text of
any other protocol on port 80 (WebSockets, HTTP/2.x etc) is *not* reliable
because of middle boxes that attempt to process that traffic as HTTP/1.

> What I know for sure
> is that adding certficate management has filled my experience with
> headaches from a server administrator's perspective.
> There are products that subvert ssl/tls because the controlling interested
> parties won't allow their networks to be subjected to unispectable
> traffic.
> I'm tired of hearing about pervasive snooping by governments where our
> commercial providers are busy scanning email traffic after it is
> in their environment. Encryption isn't going to make my web experience
> more reliable, my empirical evidences is that we'll just have one more
> thing to cause end user confusion and frustration.
> Dave Morris
Received on Friday, 15 November 2013 00:29:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:19 UTC