On 25 November 2013 00:15, Stephen Farrell <stephen.farrell@cs.tcd.ie>wrote:
>
> HTTP is used for lots of sensitive data all the time in places that
> don't use https:// URIs today. Sensitive data doesn't require any
> life or death argument, it can be nicely mundane, e.g. a doctor
> visit being the example Alissa used in the plenary in Vancouver.
>
> We now can, and just should, fix that. There's no hyperbole needed
> to make that argument compelling.
>
>
This smells like scope creep. Maybe I just need clarification of the
charter: are we here to fix the web, or define a new-and-improved HTTP
protocol?
My dream is a minimal-pain swap-in replacement for HTTP/1.1, that makes
everything faster and better. The roadblock to that seems to be cruddy old
proxies which will break the flow, but all this argument about people who
don't encrypt details about their doctor's visits doesn't actually compel
me at all. If the only way to get HTTP/2 to work on the web today is to
stuff it all down a pipe that the cruddy proxies will pass without
breaking, then fine, use TLS; but I'd suggest we not write that in the
HTTP/2 spec, it's a (transient?) detail of the current state of the web.
--
Matthew Kerwin
http://matthew.kerwin.net.au/