On 11/14/2013 09:49 AM, Roberto Peon wrote:

There is a means of opting out, however, which exists and is widely deployed: http1

This isn't realistic unless the HTTP 2 specification makes support of HTTP 1 mandatory. Which of course is silly.

There was near unanimity at the plenary that we should do something about pervasive monitoring

You had a humming vote to give yourselves the new mission of curing social and political ills rather than technical ones, by inflicting a mandatory encryption requirement on everyone, everywhere? It sounds like a big over step.

Let's make this more clear and ignore the Amateur Radio issue for now. I don't wish to be forced into concealment in my normal operations on the Internet.

Nor do I wish to have traffic over my personal network which I can not supervise. Unfortunately, there are a lot of operating systems and applications that I have not written which use that network. When I can't see the contents of their network traffic, it is more likely that traffic is being used to eavesdrop upon me. Surrounding that traffic with chaff by requiring encryption of _all_ HTTP traffic means that this hostile encrypted traffic will be impossible to find.

Thus, my security is reduced.

Even were that not the case, websites are changing to https for various other reasons

That's fine, because it's their choice or the users choice. Not yours.