Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP
Dick Hardt <dick.hardt@gmail.com> Mon, 03 December 2012 03:26 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FF2121F88A2 for <apps-discuss@ietfa.amsl.com>; Sun, 2 Dec 2012 19:26:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.504
X-Spam-Level:
X-Spam-Status: No, score=-3.504 tagged_above=-999 required=5 tests=[AWL=0.095, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UdWG9CjEHMF9 for <apps-discuss@ietfa.amsl.com>; Sun, 2 Dec 2012 19:26:03 -0800 (PST)
Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by ietfa.amsl.com (Postfix) with ESMTP id 84EE121F8864 for <apps-discuss@ietf.org>; Sun, 2 Dec 2012 19:26:03 -0800 (PST)
Received: by mail-pb0-f44.google.com with SMTP id uo1so1549705pbc.31 for <apps-discuss@ietf.org>; Sun, 02 Dec 2012 19:26:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; bh=ns2QQKYRK8EUsxfWQZZm+YVhG1yRpNGMtxHioMckBFI=; b=DakL3PGNOOd3DyeOv/io95L7Aae5EV77g+WKPtDMG9c/EbhK3lg6MSWsrTDOGq/mSY GTUCtyBcdQ+xO2N3QW7ouE3589krWayumX4cbUhQzrrPG6oySIfwrvU0kyd3yd568U46 1/jY5btgiwtVNUHGS6yQe6YZdcNfASYrLangp90phNDsqabdXPcGTrqQ6hueb9KCRTDX K6Yhj67r7Rk3iEjYfbuO+bmomOLbIZB1MAfjhIxmwYo1M+vzGZXAehbCrCIiIFy52RKO Sm32czladHkM9iJ2yIYyRLvq9XXkjZ6JtjecwJ1N2HFCE5ax+MGJdkLEKcKbwfa1woSf 9KvQ==
Received: by 10.66.87.167 with SMTP id az7mr22468999pab.69.1354505163270; Sun, 02 Dec 2012 19:26:03 -0800 (PST)
Received: from [192.168.3.101] (airnode1222.air-internet.com. [12.110.33.210]) by mx.google.com with ESMTPS id d8sm297503pax.23.2012.12.02.19.25.55 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 02 Dec 2012 19:25:59 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <ab6bd2f5cb43f5e925455a365db01998@gorard.co.uk>
Date: Sun, 02 Dec 2012 19:25:54 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <EF2E18F6-2F60-4033-89BA-C7825E11840A@gmail.com>
References: "\"<pgauj587ym5drb1i5geo6hem.1354192360769@email.android.com> <CAAJ++qFJK_Crfj7_A6a4E8sPvq6CLYtKZOdDaVEcAp86q7H7wA@mail.gmail.com> <CAAz=sckP2w6-gMfVg-xBBVPcM7wDSerbzdbYXeOY_OpmdbToDQ@mail.gmail.com> <B1DBA05D-BB17-4BBE-893B-490199FC5F5E@ve7jtb.com> <CAAJ++qFfgi2Eu_MBe3drL1zRZJ=x0b5gVgNJ10j6TFimOta4qw@mail.gmail.com> <1268667C-895D-4273-94C8-E057D64FD349@josephholsten.com> <014901cdce6a$6943aaf0$3bcb00d0$@packetizer.com> <CAJu8rwX2n54P9prxrqzXZnc-5WeyFoHxhYcD=fvLkfh9FCUU7Q@mail.gmail.com> <016f01cdce6e$8a168af0$9e43a0d0$@packetizer.com> <CAJu8rwUvSFnhh171Xm90k1wm5bLKo_SGqs7L+cQ_QioHWzqNgQ@mail.gmail.com> <025701cdce84$a8a1bfb0$f9e53f10$@packetizer.com> <CAADDC71-1FBB-4411-B61A-359F878724A6@gmail.com> <036301cdceb1$3ae93e30$b0bbba90$@packetizer.com> <CAAJ++qGmx3hYt3f2kQ8BaVRe4ggA8F5jLyB1F-zawF-pkMA0dw@mail.gmail.com> <039001cdceb4$b65c7480$23155d80$@packetizer.com>" <9AE8993E-92CB-499B-AC47-C7477FF765CC@gmail.com>" <CAK3OfOjx5RRtC3ZR0tZRsvQY+tnTNtjooAQmmnJjeDHuda9 qxQ@m! ail.gmail.com> <BBBD4E7 "\"6-1B6D-4C88-82A2-5815AF9D1589@ve7jtb.com> <CAA1s49Vu+LKXr36wheH3qJZcGLyjGuJrD_xs7eXaYjVC8mUz=A@mail.gmail.com> <CAK3OfOj5fqoybKqvdruwAqOhjdp5VxSMAKK1NdDfdn+OEVOSFw@mail.gmail.com> <CAK3OfOi-jM3J=fVqNrO-6f5qVLbqQBMFJPwFBZQO8CVQv3VK+g@mail.gmail.com> <CAAz=sc=wER+3jANNhwq7q2FSveUpPL3fW9RAF7ZAx=czSQVqbQ@mail.gmail.com>" <073201cdd041$d2050b50$760f21f0$@packetizer.com>" <B504193B-EE58-455F-9851-6A45E56BF828@ve7jtb.com> <CAMQ7dq4tfF08=y0D-5bA9SONPe1xHstXdm2=QqkSD_trRE1Jzw@mail.gmail.com> <078801cdd067$4cdfb2b0$e69f1810$@packetizer.com> <0BB05AB9-6D89-4CBC-8724-B1744BE95A94@gmail.com> <ab6bd2f5cb43f5e925455a365db01998@gorard.co.uk>
To: jonathan@gorard.co.uk
X-Mailer: Apple Mail (2.1499)
Cc: webfinger@googlegroups.com, apps-discuss@ietf.org
Subject: Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Dec 2012 03:26:04 -0000
On Dec 2, 2012, at 12:25 PM, jonathan@gorard.co.uk wrote: > On 2012-12-02 15:00, Dick Hardt wrote: >> On Dec 2, 2012, at 12:30 AM, "Paul E. Jones" <paulej@packetizer.com> wrote: >>> In any case, the current document encourage use of HTTPS. But, it still >>> allows for HTTP and I can see some valid cases for it. >> >> What are the avid use cases? >> >> Keep in mind we are adding complexity to clients by allowing both, so >> there is a real cost to allowing both. I'm not clear what we are >> losing by HTTPS-only >> >> -- Dick >> _______________________________________________ >> apps-discuss mailing list >> apps-discuss@ietf.org >> https://www.ietf.org/mailman/listinfo/apps-discuss > > Surely mandating HTTPS for all connections would not only increase overhead by forcing SSL key exchange where it isn't necessary, but wouldn't it remove the ability to cache web content, thereby crippling the performance of many content-heavy websites? For sites which don't require secure connections, it just doesn't make sense. The additional complexity on the client from running both protocols that you mentioned is the lesser of two evils (unless the two protocols are somehow integrated). It is implementation complexity that I am talking about. Per the latest draft, the Client has to first call HTTPS and depending on the result of that call, can call HTTP. The overhead of SSL is nothing compared to making to calls, and the first has to be SSL anyway! -- Dick
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] Webfinger goals doc Dick Hardt
- Re: [apps-discuss] Webfinger goals doc Mike Jones
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Sandeep Shetty
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] Webfinger goals doc Melvin Carvalho
- Re: [apps-discuss] Webfinger goals doc Paul Hoffman
- Re: [apps-discuss] Webfinger goals doc Dick Hardt
- Re: [apps-discuss] Webfinger goals doc Ben Laurie
- [apps-discuss] Webfinger goals doc Brad Fitzpatrick
- Re: [apps-discuss] Webfinger goals doc Brad Fitzpatrick
- Re: [apps-discuss] Webfinger goals doc Brad Fitzpatrick
- Re: [apps-discuss] Webfinger goals doc Brad Fitzpatrick
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] Webfinger goals doc Phillip Hallam-Baker
- Re: [apps-discuss] Webfinger goals doc Joe Gregorio
- Re: [apps-discuss] Webfinger goals doc Breno de Medeiros
- Re: [apps-discuss] Webfinger goals doc William Mills
- Re: [apps-discuss] Webfinger goals doc Martin J. Dürst
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Breno de Medeiros
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Evan Prodromou
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] Webfinger goals doc Breno de Medeiros
- Re: [apps-discuss] Webfinger goals doc Breno de Medeiros
- Re: [apps-discuss] Webfinger goals doc Blaine Cook
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] Webfinger goals doc Breno de Medeiros
- Re: [apps-discuss] Webfinger goals doc William Mills
- Re: [apps-discuss] Webfinger goals doc Joseph Holsten
- Re: [apps-discuss] Webfinger goals doc Evan Prodromou
- Re: [apps-discuss] Webfinger goals doc Tim Bray
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] Webfinger goals doc Evan Prodromou
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Breno de Medeiros
- Re: [apps-discuss] Webfinger goals doc Evan Prodromou
- Re: [apps-discuss] Webfinger goals doc William Mills
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Evan Prodromou
- Re: [apps-discuss] Webfinger goals doc William Mills
- Re: [apps-discuss] Webfinger goals doc Breno de Medeiros
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Breno de Medeiros
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Breno de Medeiros
- Re: [apps-discuss] Webfinger goals doc John Panzer
- Re: [apps-discuss] Webfinger goals doc William Mills
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Joseph Anthony Pasquale Holsten
- Re: [apps-discuss] Webfinger goals doc John Panzer
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Joseph Holsten
- Re: [apps-discuss] Webfinger goals doc Dick Hardt
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Breno de Medeiros
- Re: [apps-discuss] Webfinger goals doc William Mills
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Dick Hardt
- Re: [apps-discuss] Webfinger goals doc Mike Jones
- Re: [apps-discuss] Webfinger goals doc John Panzer
- Re: [apps-discuss] Webfinger goals doc t.petch
- Re: [apps-discuss] Webfinger goals doc Bob Wyman
- [apps-discuss] R: Webfinger goals doc Goix Laurent Walter
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Breno de Medeiros
- Re: [apps-discuss] Webfinger goals doc Tim Bray
- Re: [apps-discuss] Webfinger goals doc Brad Fitzpatrick
- Re: [apps-discuss] Webfinger goals doc Brad Fitzpatrick
- Re: [apps-discuss] Webfinger goals doc Brad Fitzpatrick
- Re: [apps-discuss] Webfinger goals doc Zellyn Hunter
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc Bob Wyman
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Nico Williams
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] Webfinger goals doc Paul E. Jones
- Re: [apps-discuss] Webfinger goals doc John Bradley
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Nico Williams
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP James M Snell
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Nico Williams
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP John Bradley
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP James M Snell
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Nico Williams
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Bob Wyman
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Breno de Medeiros
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Tim Bray
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Martin Thomson
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Breno de Medeiros
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Tim Bray
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Nico Williams
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Nico Williams
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Blaine Cook
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP William Mills
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Evan Prodromou
- Re: [apps-discuss] Webfinger goals doc Brad Fitzpatrick
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Brad Fitzpatrick
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP John Bradley
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP John Bradley
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Tim Bray
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Tim Bray
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Tim Bray
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Nico Williams
- [apps-discuss] Options... Re: HTTPS-only vs HTTPS… William Mills
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Paul E. Jones
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP John Bradley
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Paul E. Jones
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Mikael Nordfeldth
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Melvin Carvalho
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Dick Hardt
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Brad Fitzpatrick
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Zellyn Hunter
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Nico Williams
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Paul E. Jones
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Dick Hardt
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Dick Hardt
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Nico Williams
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Nico Williams
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Dick Hardt
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Dick Hardt
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Nico Williams
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Dick Hardt
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP John Panzer
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Dick Hardt
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Paul E. Jones
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Paul E. Jones
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Tim Bray
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Paul E. Jones
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Tim Bray
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Martin J. Dürst
- Re: [apps-discuss] Web Finger HTTPS-only vs HTTPS… John Bradley
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Nico Williams
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Evan Prodromou
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Nico Williams
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP John Panzer
- Re: [apps-discuss] HTTPS-only vs HTTPS-and-HTTP Brad Fitzpatrick