W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: 2 questions

From: Walter H. <Walter.H@mathemainzel.info>
Date: Sun, 29 Mar 2015 13:34:43 +0200
Message-ID: <5517E353.2070800@mathemainzel.info>
To: "Constantine A. Murenin" <cnst@NetBSD.org>
CC: ietf-http-wg@w3.org
On 29.03.2015 03:19, Constantine A. Murenin wrote:
> On 2015-03-28 7:43, Glen wrote:
>> 1. What were the reasons for HTTP/2 not requiring TLS?
>>
>> Is there a significant performance consideration, is it related to 
>> the cost of certificates (which is now fairly low or even free), or 
>> are there other technical reasons?
>
> This is incorrect.  The cost of certificates for webmasters is not 
> "fairly low or even free".
>
In fact they are fairly low or even free, because nobody tells you 
buying at the most expensive dealer ;-)

just try e.g. StartCom ;-)
> Think of all the consumer electronic devices like the 15 USD 802.11n 
> wireless routers -- who's going to be paying for their certificates?
any cheap routing box, either with WLAN or not does use self-signed 
certificates; and business environments have different use cases and/or 
hardware;
and there they can have their own CA, too ...

> Yes, but mandating a mandatory "https://" address scheme is not a 
> solution.
use TLS with the address scheme "https://", and
>   As has been mentioned, Opportunistic Encryption through the 
> "http://" address scheme is what would help here instead.
not any encryption with the "http://" address scheme;

you don't sell cows as pigs, do you;

Greetings,
Walter




Received on Sunday, 29 March 2015 11:35:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:36 UTC