On 29.03.2015 03:19, Constantine A. Murenin wrote: > On 2015-03-28 7:43, Glen wrote: >> 1. What were the reasons for HTTP/2 not requiring TLS? >> >> Is there a significant performance consideration, is it related to >> the cost of certificates (which is now fairly low or even free), or >> are there other technical reasons? > > This is incorrect. The cost of certificates for webmasters is not > "fairly low or even free". > In fact they are fairly low or even free, because nobody tells you buying at the most expensive dealer ;-) just try e.g. StartCom ;-) > Think of all the consumer electronic devices like the 15 USD 802.11n > wireless routers -- who's going to be paying for their certificates? any cheap routing box, either with WLAN or not does use self-signed certificates; and business environments have different use cases and/or hardware; and there they can have their own CA, too ... > Yes, but mandating a mandatory "https://" address scheme is not a > solution. use TLS with the address scheme "https://", and > As has been mentioned, Opportunistic Encryption through the > "http://" address scheme is what would help here instead. not any encryption with the "http://" address scheme; you don't sell cows as pigs, do you; Greetings, Walter
This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:36 UTC