- From: Patrick McManus <pmcmanus@mozilla.com>
- Date: Sun, 17 Nov 2013 14:34:43 -0500
- To: James M Snell <jasnell@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Received on Sunday, 17 November 2013 19:35:15 UTC
On Sun, Nov 17, 2013 at 1:08 PM, James M Snell <jasnell@gmail.com> wrote: > The volume on the other threads on the security subject is causing far too > much noise. I have a proposal that offers a compromise approach. I posted > about this partially in one of the threads but I'm afraid it got lost in > the noise. Others have touched on the same basic idea: > > 1. By default, assign plain text http/2 to a new port. > 2. Document that plaintext http/2 can be sent over port 80 but document > the various possible issues with reliability. > 3. Strongly recommend that http/2 be sent over TLS instead of plaintext. > 4. Establish a new http2 URL protocol prefix for plaintext http2 over the > new default port > > I will not deploy another cleartext protocol. Especially another one where the choice of encryption is solely made by the server. It doesn't serve my user base, or imo the web. -P >
Received on Sunday, 17 November 2013 19:35:15 UTC