RE: Requiring a secure transport layer for Intents and similar things (DAP standards best practices?)

> It's not quite yet a "precedent", but the transport protocol used by
> WebRTC is required to be secured.

WebRTC "call control" is an application layer aspect and not required to be secure. The media path (including peer connection data channel) is SRTP and thus secure.

> 
> Somewhat relatedly, some of the proposals in IETF for HTTP 2.0 would
> also require a secure transport.

This is referenced in some of the contributions to HTTPbis (SPDY) but will not likely form a core part of HTTP 2.0 or be mandatory, based upon recent discussions in IETF. We support that decision, as always-on TLS would have dramatic impacts on the Web architecture if mandated.

Bryan Sullivan 

Received on Wednesday, 5 September 2012 16:41:58 UTC