Re: Reasonable proposal for migrating to 2.0

In message <>, Willy Tarreau writes:

>Note I'm not talking about sites, but more the rare use cases where
>we currentl expect a self-signed cert to be OK (basically your WiFi
>router's setup page, or for developers to test HTTP/2 without having
>to request a cert for each host:port combination they work on).

Those are also "sites" in the sense that somebody has to write
the HTTP server and the HTML.

No, let us stick with "http://" and "https://", people have a
hard enough time to understand and deploy those two correctly, 
adding another will not help.

>> At least 50% of the pervassive surveillance problem is software we
>> cannot trust on the client side.
>I dont think it's that high if we're talking about surveillance. 

One word:  Smartphones.

Between Microsoft, Apple and Google/Android, I doubt it is as low
as 50%.  (I'm assuming we're not just talking NSA here ?)

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Sunday, 17 November 2013 22:57:20 UTC