Re: A proposal

On Sun, Nov 17, 2013 at 1:08 PM, James M Snell <> wrote:

> The volume on the other threads on the security subject is causing far too
> much noise. I have a proposal that offers a compromise approach. I posted
> about this partially in one of the threads but I'm afraid it got lost in
> the noise. Others have touched on the same basic idea:
> 1. By default, assign plain text http/2 to a new port.
> 2. Document that plaintext http/2 can be sent over port 80 but document
> the various possible issues with reliability.
> 3. Strongly recommend that http/2 be sent over TLS instead of plaintext.
> 4. Establish a new http2 URL protocol prefix for plaintext http2 over the
> new default port
> I will not deploy another cleartext protocol. Especially another one where
the choice of encryption is solely made by the server. It doesn't serve my
user base, or imo the web.



Received on Sunday, 17 November 2013 19:35:15 UTC