W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Call for Proposals re: #314 HTTP2 and http:// URIs on the "open" internet

From: James M Snell <jasnell@gmail.com>
Date: Tue, 19 Nov 2013 20:24:20 -0800
Message-ID: <CABP7RbdQGzWHgyvftZHF3L0QUU_G=T0r2h3Kj5DJDmPJPavKsA@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Tue, Nov 19, 2013 at 8:00 PM, Mark Nottingham <mnot@mnot.net> wrote:
> I think that, if proposed, it would be even more difficult to get consensus on this than on prohibiting HTTP/2 for http:// URIs. Not only are some implementers against it, but on its own, this would be a step backwards in security -- right now, HTTP/1.1 doesn't require implementation without encryption.

Nor does HTTP/1.1 require implementation *with* encryption. Note that
by making plaintext on a dedicated port required to implement
obviously doesn't make it required to use.

That said, if there's no chance of getting consensus around this, then
maintaining the current status quo is my second best choice.

- James

> Much experience has shown us that MUSTs and SHOULDs are ignored when they're disconnected from implementation needs -- even if those requirements are intended for the greater good.
> Cheers,
> --
> Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 20 November 2013 04:25:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:20 UTC