- From: Zhong Yu <zhong.j.yu@gmail.com>
- Date: Tue, 19 Nov 2013 16:21:23 -0600
- To: Adrien de Croy <adrien@qbik.com>
- Cc: Nicolas Mailhot <nicolas.mailhot@laposte.net>, Mike Belshe <mike@belshe.com>, "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
Fortunately, a server with plaintext http/2 can always advise users to use Internet Explorer for better experience. Thank Microsoft. Zhong Yu On Tue, Nov 19, 2013 at 4:04 PM, Adrien de Croy <adrien@qbik.com> wrote: > > it is interesting the biggest pushers of mandatory TLS are those who stand > to suffer the least from it. Browser makers. > > Are any server makers or (reverse-) proxy makers here proponents of > mandatory TLS? I can't imagine a server author taking the step of requiring > all their customers to suddenly buy certs. At least not be the first to do > so. They are the ones who will have to deal with the backlash and > incredible inertia of getting their customers to change. > > Without servers supporting mandatory TLS, it's kinda pointless for browser > makers to assert they won't implement plaintext http/2.0. Since the cert > must be installed on the server (not the client/browser), I think it would > be better to let the server authors take the lead on this surely? > > > Adrien > > > ------ Original Message ------ > From: "Nicolas Mailhot" <nicolas.mailhot@laposte.net> > To: "Mike Belshe" <mike@belshe.com> > Cc: "Roy T. Fielding" <fielding@gbiv.com>; "HTTP Working Group" > <ietf-http-wg@w3.org> > Sent: 20/11/2013 8:07:15 a.m. > Subject: Re: A proposal >> >> >> Le Mar 19 novembre 2013 10:45, Mike Belshe a écrit : >> >>> Alright, well thats all fine, but I really don't know why you're going >>> off >>> on this rant. Can you cite for me the specific quote from anyone on >>> this >>> list who declared or implied that TLS was a comprehensive solution for >>> 'security' or 'privacy'? I don't think anyone did, so this rant is >>> really >>> unnecessary. >> >> >> That's playing with words, Chrome and Mozilla representatives have been >> quite clear they wanted to force a TLS-only web for 'security' and >> 'privacy'. Even though there is a ton of things those browsers could do >> *now* to improve privacy without fostering pki on everyone else. >> >> Really, it's getting quite annoying to see all this forceful selling of >> TLS in the name of privacy and security while systematically stonewalling >> any attempt to consider the parts of the protocol that are used to data >> mine users now (let's use the business term not emotional appeals). >> >> -- >> Nicolas Mailhot >> >> > >
Received on Tuesday, 19 November 2013 22:21:51 UTC