- From: James M Snell <jasnell@gmail.com>
- Date: Tue, 19 Nov 2013 08:38:00 -0800
- To: Michael Sweet <msweet@apple.com>
- Cc: Mike Belshe <mike@belshe.com>, "Roy T. Fielding" <fielding@gbiv.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, HTTP Working Group <ietf-http-wg@w3.org>
On Tue, Nov 19, 2013 at 6:38 AM, Michael Sweet <msweet@apple.com> wrote: [snip] > > I know you are trying to be dramatic here, but I don't think "think of the > children" arguments have any place here. > +1 ... honestly, this whole conversation seems to be getting lost in the weeds, really. Personally, I don't really care whose definition of "privacy" is more accurate. It would be fantastic if we could get back to discussing actual technical details. TLS gives us reasonably good confidentiality of the data in motion over a TCP/IP connection. No, it doesn't provide privacy, but it addresses at least part of the overall problem and it's quite useful to adopt as the default option in probably 95% of our primary use cases. So Mark's proposal suggesting that we limit plaintext http/2 on port 80 to .local and rfc1918 addresses appears completely reasonable so long as we take the additional step of defining a new default port for plaintext http/2 everywhere else. If we can get agreement on that one technical point (as opposed to endless debating about what "privacy" really means) then we've made progress and can move on to the other important questions. - James
Received on Tuesday, 19 November 2013 16:38:53 UTC