- From: Walter H. <Walter.H@mathemainzel.info>
- Date: Sun, 29 Mar 2015 13:34:43 +0200
- To: "Constantine A. Murenin" <cnst@NetBSD.org>
- CC: ietf-http-wg@w3.org
- Message-ID: <5517E353.2070800@mathemainzel.info>
On 29.03.2015 03:19, Constantine A. Murenin wrote: > On 2015-03-28 7:43, Glen wrote: >> 1. What were the reasons for HTTP/2 not requiring TLS? >> >> Is there a significant performance consideration, is it related to >> the cost of certificates (which is now fairly low or even free), or >> are there other technical reasons? > > This is incorrect. The cost of certificates for webmasters is not > "fairly low or even free". > In fact they are fairly low or even free, because nobody tells you buying at the most expensive dealer ;-) just try e.g. StartCom ;-) > Think of all the consumer electronic devices like the 15 USD 802.11n > wireless routers -- who's going to be paying for their certificates? any cheap routing box, either with WLAN or not does use self-signed certificates; and business environments have different use cases and/or hardware; and there they can have their own CA, too ... > Yes, but mandating a mandatory "https://" address scheme is not a > solution. use TLS with the address scheme "https://", and > As has been mentioned, Opportunistic Encryption through the > "http://" address scheme is what would help here instead. not any encryption with the "http://" address scheme; you don't sell cows as pigs, do you; Greetings, Walter
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Sunday, 29 March 2015 11:35:08 UTC