Re: Call for Proposals re: #314 HTTP2 and http:// URIs on the "open" internet

On 20/11/2013, at 1:50 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:

> * Mark Nottingham wrote:
>> To reiterate -- some browser folks have stated that they will not be 
>> implementing HTTP/2.0 for HTTP without TLS in their products, so unless 
>> they become convinced otherwise, there will still be a *market* 
>> requirement to implement TLS if you want to get the benefit of HTTP/2 
>> with the broadest selection of clients.
> 
> It seems very likely to me that whatever has been stated was meant to be
> something far more nuanced. For instance, they may have meant that they
> will not personally write the code, but patches from others might still
> be accepted e.g. because the decision isn't up to them. Importantly, I'd
> think they respect and participate in the Standards process and evaluate
> any outcome carefully, which very much includes considering to implement
> HTTP/2.0 without TLS if the Working Group decides to mandate support for
> that.

No one has yet proposed that we mandate implementing HTTP/2.0 *without* TLS yet -- we'll cross that bridge if we come to it. Talking about "subverting the standards process" is thus WAY too premature.


> If any major browser vendor has issued an official statement that they
> will use their market position to force certain design and deployment
> decisions in subversion of the Standards process, that would be highly
> inappropriate. I would expect those browser folks to take offense at a
> suggestion that "we" have to convince "them" any more than "they" have
> to convince "us", whatever the issue may be.
> 
> There are only about four browser vendors with sufficient market share
> to force deployment decisions. They should be identified by name, and
> not as an anonymous collective, if they have stated anything for us to
> consider, with references to their statements.
> 
>> P.S. If you intend to make a proposal but aren't ready to do so yet, 
>> please contact me privately. I'm willing to defer discussion of this 
>> issue for a reasonable amount of time if it'll help us get to consensus.
> 
> I sort-of intend to make related proposals and am not ready yet, but I
> see no reason to defer any discussion (as opposed to decision) because
> of that. It is not entirely clear to me what the scope of your call for
> proposals is, but for the record, discussion of issues like whether to
> mandate support for HTTP/2.0 without TLS, or making web browsers non-
> conforming if they support HTTP/2.0 without TLS, has barely begun and I
> need quite a bit of additional information before I could form an in-
> formed opinion.

Please read that as deferring a decision. I'm happy for people to make proposals and discuss them. What I'm not willing to do is let a general discussion without focus continue for too long and threaten the rest of our work. It's quite apparent to me that people are digging in on their positions and we can't reach consensus that way.

Cheers,

--
Mark Nottingham   http://www.mnot.net/

Received on Wednesday, 20 November 2013 03:04:09 UTC