Re: HTTP 2.0 mandatory security vs. Amateur Radio

On 15/11/2013 1:28 p.m., Ryan Hamilton wrote:
> On Thu, Nov 14, 2013 at 4:16 PM, David Morris <dwm@xpasc.com> wrote:
> 
>>
>>
>> On Thu, 14 Nov 2013, Bruce Perens wrote:
>>
>>> On 11/14/2013 12:21 PM, Roberto Peon wrote:
>>>
>>>
>>>       We can wish honey dreams all day and night long of a web where
>>>       deploying plaintext works
>>>
>>> Gosh, how badly that dumb Tim B-L failed because he didn't encrypt from
>>> the very start. The web might have been a success if he'd just listened
>>> to you. :-)
>>>
>>> Plaintext works if you aren't attempting to subvert the entire protocol
>>> by tunneling through it.
>>
>> Yeah, I've been doing web work for 18+ years and this is the first claim
>> I've seen that plain text makes the web unreliable.
> 
> Plain-text HTTP/1 is reliable (as Roberto said).  However plain-text of
> any other protocol on port 80 (WebSockets, HTTP/2.x etc) is *not* reliable
> because of middle boxes that attempt to process that traffic as HTTP/1.


Which is due to RFC 2616 section 1.4 paragraphs 3 & 4.

Anyone who does not understand that needs to read that section and
familiarize themselves with the second message flow diagram. In
particular the purpose and operation of the stages labeled A, B, C.


Amos

Received on Friday, 15 November 2013 13:09:22 UTC