- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 14 Mar 2016 10:06:51 +1100
- To: Daniel Stenberg <daniel@haxx.se>
- Cc: Phil Lello <phil@dunlop-lello.uk>, HTTP Working Group <ietf-http-wg@w3.org>
Thanks, Daniel. Phil, we had a pretty extensive discussion about this, and as a WG decided not to require TLS for HTTP/2. I'm sympathetic to the need for a forum for such discussions -- and it's pretty clear that they're far from over -- but this isn't relevant to our current work. Cheers, > On 14 Mar 2016, at 9:56 AM, Daniel Stenberg <daniel@haxx.se> wrote: > > On Sun, 13 Mar 2016, Phil Lello wrote: > >> Whilst I'm not certain that this is the right forum to address browser support for h2c / non-TLS HTTP/2, I'd like to state my concerns over the de facto requirement for TLS. > > Most of the things that can be said about this subject were iterated about 14 times each in the "SSL/TLS everywhere fail" discussion in December: > > https://lists.w3.org/Archives/Public/ietf-http-wg/2015OctDec/thread.html#msg313 > > -- > > / daniel.haxx.se > -- Mark Nottingham https://www.mnot.net/
Received on Sunday, 13 March 2016 23:07:23 UTC