- From: Frode Kileng <frodek@tele.no>
- Date: Thu, 28 Nov 2013 17:50:18 +0100
- To: ietf-http-wg@w3.org
On 28.11.2013 03:02, Mark Nottingham wrote: [....] > So far, our discussion has encompassed mandatory HTTPS (which has been controversial, but also seems likely to be in some of the first implementations of HTTP/2.0) and opportunistic encryption (which seems to have decent support in principle, but there also seems to be some reluctance to implement, if I read the tea leaves correctly). Either of those would probably "adequately address" if we wrote them into HTTP/2.0. > > Alternatively, it may be that we don't address pervasive monitoring in the core HTTP/2.0 document itself, since HTTP is used in a such a wide variety of ways, but instead "adequately address" in a companion document. One proposal that might have merit is shipping a "HTTP/2.0 for Web Browsing" document and addressing pervasive monitoring there. Or we solve this for HTTP/2.0 and leave non-encrypted to a separate HTTP/I-dont-care-about-security-or-MITM-attack specification or special purpose implementations. There's a lot of interesting business opportunities in developing special-purpose implementations to solve many of the use-cases that has been identified (kid-safe-surfing, transparent caching/optimizers, please-remove-any-virus, strict-controlled-surfing-for-prisons/enterprises, etc). just my 5 cent... frodek
Received on Thursday, 28 November 2013 16:50:47 UTC