Re: 2 questions from OSCAR GONZALEZ DE DIOS on 2015-04-09 (ietf-http-wg@w3.org from April to June 2015)

From: OSCAR GONZALEZ DE DIOS <oscar.gonzalezdedios@telefonica.com>
Date: Thu, 9 Apr 2015 22:52:09 +0000
To: Glen <glen.84@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <D14C6940.91F6C%oscar.gonzalezdedios@telefonica.com>

Hi Glen, all

>Hi,
>
>I have 2 questions, if I may.
>
>1. What were the reasons for HTTP/2 not requiring TLS?
>
>Is there a significant performance consideration, is it related to the
>cost of certificates (which is now fairly low or even free), or are there
>other technical reasons?
>
>It would be nice if the web was just "secure by default", and I would
>have thought that now would be the right time to move in that direction.
>
>Also, at least 2 of the major browser vendors have said that they won't
>be supporting HTTP/2 without TLS, so surely no one is going to want to
>run their website without it?


There is a very interesting use case where TLS is an overhead related to
video streaming over HTTP/2. MPEG DASH provides DRM encryption for video
content. If you transfer DRM encrypted MPEG-DASH video over HTTP/2, you
will have double encryption, which is clearly an overkill. Generalizing,
when you need to use Digital Rights Management, there are no additional
benefits by encrypting again with TLS.

Best Regards,

        Oscar



________________________________

Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição

Received on Thursday, 9 April 2015 22:52:44 UTC