Re: I revised the pro/contra document from Matthew Kerwin on 2013-11-24 (ietf-http-wg@w3.org from October to December 2013)

From: Matthew Kerwin <matthew@kerwin.net.au>
Date: Mon, 25 Nov 2013 07:39:49 +1000
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Mike Belshe <mike@belshe.com>, Yoav Nir <synp71@live.com>, Tim Bray <tbray@textuality.com>, Mike Bishop <Michael.Bishop@microsoft.com>, Alexandre Anzala-Yamajako <anzalaya@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CACweHNCzhowuXy7fstXBJ3-BigxALCM8aocTFq5pxSB3MGhoHQ@mail.gmail.com>

On 25 November 2013 00:15, Stephen Farrell <stephen.farrell@cs.tcd.ie>wrote:

>
> HTTP is used for lots of sensitive data all the time in places that
> don't use https:// URIs today. Sensitive data doesn't require any
> life or death argument, it can be nicely mundane, e.g. a doctor
> visit being the example Alissa used in the plenary in Vancouver.
>
> We now can, and just should, fix that. There's no hyperbole needed
> to make that argument compelling.
>
>
This smells like scope creep.  Maybe I just need clarification of the
charter: are we here to fix the web, or define a new-and-improved HTTP
protocol?

My dream is a minimal-pain swap-in replacement for HTTP/1.1, that makes
everything faster and better.  The roadblock to that seems to be cruddy old
proxies which will break the flow, but all this argument about people who
don't encrypt details about their doctor's visits doesn't actually compel
me at all.  If the only way to get HTTP/2 to work on the web today is to
stuff it all down a pipe that the cruddy proxies will pass without
breaking, then fine, use TLS; but I'd suggest we not write that in the
HTTP/2 spec, it's a (transient?) detail of the current state of the web.

-- 
  Matthew Kerwin
  http://matthew.kerwin.net.au/

Received on Sunday, 24 November 2013 21:40:18 UTC