- From: Mark Nottingham <mnot@mnot.net>
- Date: Fri, 15 Nov 2013 12:00:27 +0800
- To: HTTP Working Group <ietf-http-wg@w3.org>
We’ve seen a lot of discussion of the proposed response to pervasive monitoring, as well as a number of new participants (welcome!). The volume (in both senses of the word) of this discussion was perhaps predictable, but it doesn’t help us move forward. It’s very important that people’s positions be heard, but if we don’t transform those opinions into concrete action, we won’t do anything — and again, we had strong agreement that this is is not an acceptable outcome. Furthermore, if the discussion continues at this volume without resolution, we put our primary deliverable — a better HTTP — at risk, which is also unacceptable. So, while the last couple of days have been relatively open-season (i.e., I’ve only called people out when they drift towards ad hominem or other destructive patterns), I’m going to be reminding people to stay on-topic for *this* working group’s charter moving forward. In particular, I’ve started to open new issues to track where I think our discussion needs to go: * HTTP2 and http:// URIs on the "open” internet <https://github.com/http2/http2-spec/issues/314> — this is the most relevant issue to our current discussion. You can move it forward by proposing specific text for the spec. * Opportunistic Encryption <https://github.com/http2/http2-spec/issues/315> — this issue is on hold for the moment, but not closed. * “Explicit” Proxies <https://github.com/http2/http2-spec/issues/316> — several people have expressed interest in this, and we’re looking for use cases and proposals to flesh it out. Note that we’re likely to have more proxy-related issues soon. * TLS man-in-the-middle <https://github.com/http2/http2-spec/issues/317> — this is a liaison issue; i.e., if someone else has a solution to this problem that we think will improve HTTP, we can reference or even require its use. * TLS profile for HTTP <https://github.com/http2/http2-spec/issues/318> — as discussed during perpass and elsewhere, we can improve how HTTP uses TLS, regarding cipher suites, extensions, etc. This is listed as a liaison issue for the moment, since there’s a larger discussion around use of TLS in the IETF. * User Experience for TLS <https://github.com/http2/http2-spec/issues/319> — another liaison issue about how different aspects of TLS are presented to the user. * Orphaning http:// URIs <https://github.com/http2/http2-spec/issues/320> — as brought up by Julian, we need to figure out how important this is, and what an appropriate response is. Focusing discussion on specific issues will help us move forward, rather than in circles. It’s doubtless that we’ll add more issues as we go on, as well as refine the ones that I’ve sketched in. While anyone can add an issue to the list, I’m asking people to exercise restraint; if an issue looks like advocacy, is a duplicate, or doesn’t help us converge on consensus, I won’t hesitate to delete it. I strongly suggest that new issues be discussed on the list first (flagging the proposal with a subject that begins with “Proposed issue:”). Finally, while we have the ability to comment on issues, I will remind people that substantial discussion needs to happen on *this* list, not there. I.e., if you have a question about the scope or intent of an issue, it’s fine to ask it in a comment there; if you want to state an opinion or provide facts, it needs to be over here. Note also that the “liaison issues” are fundamentally about work that happens SOMEWHERE ELSE — we might talk about how much we like that work, whether we’ll use it, etc., but the actual work doesn’t happen here. I know some people don’t like it when we say something isn’t our problem, but doing so helps us actually get the work for which we’re responsible done. Regards, -- Mark Nottingham http://www.mnot.net/
Received on Friday, 15 November 2013 04:00:55 UTC