W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: A proposal

From: Patrick McManus <pmcmanus@mozilla.com>
Date: Sun, 17 Nov 2013 14:34:43 -0500
Message-ID: <CAOdDvNpLXKV5K4me83YeApOG0CxmFiP3xKktciY2OWtf1DAkOg@mail.gmail.com>
To: James M Snell <jasnell@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Sun, Nov 17, 2013 at 1:08 PM, James M Snell <jasnell@gmail.com> wrote:

> The volume on the other threads on the security subject is causing far too
> much noise. I have a proposal that offers a compromise approach. I posted
> about this partially in one of the threads but I'm afraid it got lost in
> the noise. Others have touched on the same basic idea:
> 1. By default, assign plain text http/2 to a new port.
> 2. Document that plaintext http/2 can be sent over port 80 but document
> the various possible issues with reliability.
> 3. Strongly recommend that http/2 be sent over TLS instead of plaintext.
> 4. Establish a new http2 URL protocol prefix for plaintext http2 over the
> new default port
> I will not deploy another cleartext protocol. Especially another one where
the choice of encryption is solely made by the server. It doesn't serve my
user base, or imo the web.


Received on Sunday, 17 November 2013 19:35:15 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:20 UTC