- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Fri, 15 Aug 2014 14:50:38 +0000
- To: Erik Nygren <erik@nygren.org>
- cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
--------

In message <CAKC-DJjFk9==Y4ayn=A-fZBaEt-G_+n=XQ9B8rKqWaT-LQh3vQ@mail.gmail.com> , Erik Nygren writes:

>[...] provision a real certificate, [...]

I have it from many corners, that anything which involves "real certificates" is not going to happen for a large swath of "unimportant" traffic because of the extortionary business behavior of the CA-mob.

I personally have no love for the CA-mob, but a lot of people seem to hate their guts.

Keeping them out of the picture wrt. fighting PM would be a good idea.

Also, we don't need very big certs, they just have to hold for a few seconds.

>> For that matter this is not even specific to HTTP/2 in any way, it
>> could also be deployed for HTTP/1.1.
>
>Only if there was a way to convey Scheme (http vs https) in a way that
>worked reliably for existing HTTP/1.1 servers.

I was talking only conceptually here, the actual protocol mechanics will be at least as tricky as HTTP/1 -> HTTP/2 upgrade.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Friday, 15 August 2014 14:51:02 UTC