Re: Call for Proposals re: #314 HTTP2 and http:// URIs on the "open" internet

* Mark Nottingham wrote:
>To reiterate -- some browser folks have stated that they will not be 
>implementing HTTP/2.0 for HTTP without TLS in their products, so unless 
>they become convinced otherwise, there will still be a *market* 
>requirement to implement TLS if you want to get the benefit of HTTP/2 
>with the broadest selection of clients.

It seems very likely to me that whatever has been stated was meant to be
something far more nuanced. For instance, they may have meant that they
will not personally write the code, but patches from others might still
be accepted e.g. because the decision isn't up to them. Importantly, I'd
think they respect and participate in the Standards process and evaluate
any outcome carefully, which very much includes considering to implement
HTTP/2.0 without TLS if the Working Group decides to mandate support for

If any major browser vendor has issued an official statement that they
will use their market position to force certain design and deployment
decisions in subversion of the Standards process, that would be highly
inappropriate. I would expect those browser folks to take offense at a
suggestion that "we" have to convince "them" any more than "they" have
to convince "us", whatever the issue may be.

There are only about four browser vendors with sufficient market share
to force deployment decisions. They should be identified by name, and
not as an anonymous collective, if they have stated anything for us to
consider, with references to their statements.

>P.S. If you intend to make a proposal but aren't ready to do so yet, 
>please contact me privately. I'm willing to defer discussion of this 
>issue for a reasonable amount of time if it'll help us get to consensus.

I sort-of intend to make related proposals and am not ready yet, but I
see no reason to defer any discussion (as opposed to decision) because
of that. It is not entirely clear to me what the scope of your call for
proposals is, but for the record, discussion of issues like whether to
mandate support for HTTP/2.0 without TLS, or making web browsers non-
conforming if they support HTTP/2.0 without TLS, has barely begun and I
need quite a bit of additional information before I could form an in-
formed opinion.
Björn Höhrmann · ·
Am Badedeich 7 · Telefon: +49(0)160/4415681 ·
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · 

Received on Wednesday, 20 November 2013 02:50:53 UTC