- From: Adrien de Croy <adrien@qbik.com>
- Date: Tue, 19 Nov 2013 22:22:14 +0000
- To: "Roberto Peon" <grmocg@gmail.com>
- Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "Mike Belshe" <mike@belshe.com>, "Roy T. Fielding" <fielding@gbiv.com>, "HTTP Working Group" <ietf-http-wg@w3.org>
- Message-Id: <emb8b0127a-c013-41cd-b26e-3d525ca81d9e@bodybag>

I think if the world moved to plaintext http/2.0, you would find that would become supported in Chrome. Because you know what people do when their browser can't view a site.

------ Original Message ------
From: "Roberto Peon" <grmocg@gmail.com>
To: "Adrien de Croy" <adrien@qbik.com>
Cc: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>; "Mike Belshe" <mike@belshe.com>; "Roy T. Fielding" <fielding@gbiv.com>; "HTTP Working Group" <ietf-http-wg@w3.org>
Sent: 20/11/2013 11:18:18 a.m.
Subject: Re: A proposal

>I don't want the headaches of attempting to support something
>non-encrypted over the public internet and would rather just deal with
>HTTP/1.1 in the cases where encryption is disallowed or is not
>negotiated.
>-=R
>
>On Tue, Nov 19, 2013 at 2:04 PM, Adrien de Croy <adrien@qbik.com>
>wrote:
>>
>>it is interesting the biggest pushers of mandatory TLS are those who
>>stand to suffer the least from it. Browser makers.
>>
>>Are any server makers or (reverse-) proxy makers here proponents of
>>mandatory TLS? I can't imagine a server author taking the step of
>>requiring all their customers to suddenly buy certs. At least not be
>>the first to do so. They are the ones who will have to deal with the
>>backlash and incredible inertia of getting their customers to change.
>>
>>Without servers supporting mandatory TLS, it's kinda pointless for
>>browser makers to assert they won't implement plaintext http/2.0.
>>Since the cert must be installed on the server (not the
>>client/browser), I think it would be better to let the server authors
>>take the lead on this surely?
>>
>>Adrien
>>
>>------ Original Message ------
>>From: "Nicolas Mailhot" <nicolas.mailhot@laposte.net>
>>To: "Mike Belshe" <mike@belshe.com>
>>Cc: "Roy T. Fielding" <fielding@gbiv.com>; "HTTP Working Group" <ietf-http-wg@w3.org>
>>Sent: 20/11/2013 8:07:15 a.m.
>>Subject: Re: A proposal
>>>
>>>On Tue 19 November 2013 10:45, Mike Belshe wrote:
>>>
>>>> Alright, well that's all fine, but I really don't know why you're
>>>> going off on this rant. Can you cite for me the specific quote from
>>>> anyone on this list who declared or implied that TLS was a
>>>> comprehensive solution for 'security' or 'privacy'? I don't think
>>>> anyone did, so this rant is really unnecessary.
>>>
>>>That's playing with words, Chrome and Mozilla representatives have
>>>been quite clear they wanted to force a TLS-only web for 'security'
>>>and 'privacy'. Even though there is a ton of things those browsers
>>>could do *now* to improve privacy without fostering pki on everyone
>>>else.
>>>
>>>Really, it's getting quite annoying to see all this forceful selling
>>>of TLS in the name of privacy and security while systematically
>>>stonewalling any attempt to consider the parts of the protocol that
>>>are used to data mine users now (let's use the business term not
>>>emotional appeals).
>>>
>>>--
>>>Nicolas Mailhot

Received on Tuesday, 19 November 2013 22:22:01 UTC