Re: IAB Statement on Internet Confidentiality

--------
In message <31FE03AA-5EF1-484E-BD92-4C088851D47D@greenbytes.de>, Stefan Eissing
 writes:

>Discussing mandatory security tech for all uses of http is not. There 
>are more use cases than all of us know combined. If h2 should be a 
>successor of http, forcing tls is not feasible in practice.

You're mistaken:  It is perfectly feasible because HTTP/2.0 is
a layer 9 ("politics") protocol.

HTTP/2.0 is being deliberately crippled to further certain political
agendas, notably "TLS everywhere", despite the fact that this will
handicap adoption of the protocol in the network.

In particular, HTTP/2.0 is being sold as delivering "speed" and
"privacy" while in reality it does neither for the vast majority
of all websites.

The speed only happens if you have a global CDN, otherwise the
3*RTT overhead of the mandatory TLS will kill your speed.

The users will still be tracked and have their identities deconstructed
across the web, because that is the business model of the major
HTTP/2.0 proponents.

But HTTP/2.0 is still being rushed through the IETF process for
political reasons, even though its technical quality leaves so much
to be desired that serious talk about HTTP/3.0 started a long time
before HTTP/2.0 even made it to WG Last Call.

The fact that HTTP/2.0 is deemed ready for IETF Last Call, without
a single published benchmark showing what performance can be obtained
on commodity server hardware is not accidental:  It doesn't matter
to its backers, their goals are only political.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Tuesday, 18 November 2014 10:29:52 UTC