- From: SM <sm@resistor.net>
- Date: Fri, 15 Nov 2013 11:11:23 -0800
- To: Bruce Perens <bruce@perens.com>, ietf-http-wg@w3.org
At 23:30 14-11-2013, Bruce Perens wrote: >I definitely don't want to go back to Ma Bell running everything. >But it seems to me that just saying that an encrypted tunnel to one >port must be the solution for everything is a complete abdication of >leadership. Instead of being the protocol designers of the internet, >we become the rats in the walls who sneak all of our new inventions >through a little encrypted hole in what we made. > >We broke the internet. It was because of our tremendous success. It >grew so big that its size and inertia froze it and made further >protocol development impossible. Ok. >Getting out of this problem starts with admitting it, publicly, to >everyone. It then will be necessary to chart the requirements that >will prevent this from happening again, and then to promote and >certify the implementations of those recommendations. History repeats itself. The decision (if a decision is necessary) about whether HTTP 2.0 needs mandatory security does not have to be cast in stone. The constraints of today, e.g. amateur radio, might change by the time this working group delivers the specification. There are alternatives to satisfy the constraints. Some of the alternatives come up their own sets of problems (e.g. MITM). Regards, -sm
Received on Friday, 15 November 2013 19:39:00 UTC