- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Sat, 14 Dec 2013 19:20:40 +0000
- To: "William Chan (陈智昌)" <willchan@chromium.org>, Paul Hoffman <paul.hoffman@gmail.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
Possibly a different thread really but... On 12/14/2013 05:20 AM, William Chan (陈智昌) wrote: > Anyhow, > we don't support any type of opportunistic encryption, especially > unauthenticated. We want people to use https://, therefore we more or > less only plan to support HTTP/2 for https:// URIs. Let me know if > this still leaves anything unclear. What that leaves unclear for me is how the current 30-40% of web sites that are setup for some form of TLS will suddenly become 99%. Without some other action on helping sites get certs, it just won't happen would be my prediction. I think its all the more puzzling when contrasted with other cases where people claim that we can't do X because that'd cause a problem for 1% of the web, but yet here you seem to be saying its ok to do this when it'd cause a problem for 60-70% of the web. (I don't recall whether or not you've made such claim William.) Even if only as a backup in case that 30-40% -> 99% transition fails, I'd hope folks do continue working on ways to provide opportunistic encryption for HTTP/2.0. On the current draft - its seems quite odd to ignore the existing anon-DH ciphersuites when trying to do opportunistic encryption. S.
Received on Saturday, 14 December 2013 19:21:06 UTC