- From: Markus Lanthaler <markus.lanthaler@gmx.net>
- Date: Fri, 15 Nov 2013 11:47:00 +0100
- To: "'HTTP Working Group'" <ietf-http-wg@w3.org>
> On Nov 14, 2013 8:40 AM, "Julian Reschke" <julian.reschke@gmx.de> wrote: > > On 2013-11-14 18:49, Roberto Peon wrote: > > There is a means of opting out, however, which exists and is widely > > deployed: http1 > > And the WG has a mandate to develop a replacement for 1.1, called 2.0. If > we do not indent to develop that protocol anymore, we should re-charter. > > > There was near unanimity at the plenary that we should do something > > about pervasive monitoring, and while I don't believe that there were > > any actuonable , unambiguous dieectuves , the spirit of the room was > > quite clear. The IETF intends to attempt to do something about this. > > Yes. What we disagree on what that means for HTTP: URIs. I would like to know the answer for that as well. By using https instead of http you don't just change the bits on the wire but also a lot of other stuff (at least) in browsers. For example referrers are not sent anymore, information in form fields isn't stored anymore for autocompletion etc. etc. I think it would be very beneficial to still keep this distinction of sensitivity/confidentiality. Whether traffic to http URIs is then (optimistically) encrypted or not, doesn't really matter to the average end user. -- Markus Lanthaler @markuslanthaler
Received on Friday, 15 November 2013 10:47:36 UTC