Re: HTTP/2 and Pervasive Monitoring

On 15 August 2014 18:56, Mark Nottingham <> wrote:

>  (I think we’re in violent agreement here)

The difference is emphasis.

I think you are saying: "We are using TLS to mitigate PM, but it is not

I think this WG should say:  "An application protocol cannot significantly
mitigate PM. A network level solutions is required.  But we are
facilitating increased TLS usage which may mitigate some PM attacks or at
least prevent even more invasive PM"

ie the overwhelming response to BCP188 should be that this is not a problem
we can fix on our own, but we are prepared to be part of the solution.


Greg Wilkins <> HTTP, SPDY, Websocket server and client that scales  advice and support for jetty and cometd.

Received on Friday, 15 August 2014 23:12:37 UTC