
Re: A proposal

From: Yoav Nir <synp71@live.com>
Date: Mon, 18 Nov 2013 14:19:21 +0200
Message-ID: <BLU0-SMTP64EBB79DDD4127357EFCCB1E40@phx.gbl>
To: ietf-http-wg@w3.org
On 18/11/13 1:44 PM, Mark Nottingham wrote:
> On 18 Nov 2013, at 10:18 pm, Yoav Nir <synp71@live.com> wrote:
>> I think HTTP is used for so many things in so many scenarios, that trying to give general guidance in the base spec is asking for trouble (example: when checking certificate revocation, you use HTTP to download either a CRL or an OCSP response. You can't use authenticated TLS there).
> Again, we’re talking about the case of a browser on the “open” Web — the many special cases don’t apply here.
I don't think we'll reach consensus on what is appropriate for the open 
web. But I think de-coupling that discussion from the base document is a 
win. I personally don't think that denying the benefits of HTTP/2 to 
websites that choose not to use encryption is justified. But browser 
support will be determined by market forces, unless the browser vendors 
would like to form a benevolent cartel forcing the correct policy on all 
the web.

BTW: Downloading CRLs or OCSP responses to verify certificates used in 
HTTPS is very much part of the open web.


Received on Monday, 18 November 2013 12:19:52 UTC
