Re: Fwd: New Version Notification for draft-nottingham-http2-encryption-02.txt from Paul Hoffman on 2013-12-14 (ietf-http-wg@w3.org from October to December 2013)

From: Paul Hoffman <paul.hoffman@gmail.com>
Date: Sat, 14 Dec 2013 11:14:33 -0800
To: William Chan (陈智昌) <willchan@chromium.org>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAPik8yayuJrTuZ5UCm8w6ZktGO8LDsuy5At4EtnckLHcC-r-yQ@mail.gmail.com>

On Fri, Dec 13, 2013 at 9:20 PM, William Chan (陈智昌)
<willchan@chromium.org>wrote:

> I don't know what the "do it in HTTP/2 itself" proposal is.

http://tools.ietf.org/html/draft-hoffman-httpbis-minimal-unauth-enc-01

> I thought
> your proposal was advertising opportunistic encryption in DNS.

That is orthogonal, and is *not* opportunistic encryption: it allows a
browser to change the URI scheme from "http:" to "https:".

> Anyhow,
> we don't support any type of opportunistic encryption, especially
> unauthenticated. We want people to use https://, therefore we more or
> less only plan to support HTTP/2 for https:// URIs. Let me know if
> this still leaves anything unclear.
>

That's completely clear.

I disagree with your conclusion, and still want HTTP/2 to enable
opportunistic encryption in a way that browsers and servers will deploy,
but I'm not a browser vendor.

--Paul Hoffman

Received on Saturday, 14 December 2013 19:15:01 UTC