2 questions
Glen <glen.84@gmail.com> Sat, 28 March 2015 20:15 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1781D1A1A5F for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 28 Mar 2015 13:15:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_ADSP_CUSTOM_MED=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HyNddN6uM2Iw for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 28 Mar 2015 13:15:00 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B34031A1A62 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sat, 28 Mar 2015 13:15:00 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1Ybx56-00079K-Oe for ietf-http-wg-dist@listhub.w3.org; Sat, 28 Mar 2015 20:11:44 +0000
Resent-Message-Id: <E1Ybx56-00079K-Oe@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.80) (envelope-from <ylafon@w3.org>) id 1Ybx4u-00078X-2l for ietf-http-wg@listhub.w3.org; Sat, 28 Mar 2015 20:11:32 +0000
Received: from raoul.w3.org ([128.30.52.128]) by lisa.w3.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <ylafon@w3.org>) id 1Ybx4t-00062e-Ny for ietf-http-wg@w3.org; Sat, 28 Mar 2015 20:11:32 +0000
Received: from homard.platy.net ([80.67.176.7] helo=[192.168.1.37]) by raoul.w3.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.80) (envelope-from <ylafon@w3.org>) id 1Ybx4t-0008DC-Ak for ietf-http-wg@w3.org; Sat, 28 Mar 2015 20:11:31 +0000
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
Content-Type: text/plain; charset="us-ascii"
From: Glen <glen.84@gmail.com>
Resent-From: Yves Lafon <ylafon@w3.org>
Date: Sat, 28 Mar 2015 14:43:45 +0000
Content-Transfer-Encoding: quoted-printable
Resent-Date: Sat, 28 Mar 2015 21:11:29 +0100
Resent-To: ietf-http-wg@w3.org
X-Name-Md5: efe3dad792d606410c9cc49cedaffc94
Message-Id: <5516BDFC.3050201@gmail.com>
To: ietf-http-wg@w3.org
X-Mailer: Apple Mail (2.2070.6)
X-W3C-Hub-Spam-Status: No, score=1.2
X-W3C-Hub-Spam-Report: ALL_TRUSTED=-1, DKIM_ADSP_CUSTOM_MED=0.001, NML_ADSP_CUSTOM_MED=1.2, T_RP_MATCHES_RCVD=-0.01, W3C_NW=1
X-W3C-Scan-Sig: lisa.w3.org 1Ybx4t-00062e-Ny 5d4a53d09f4cacc120b02e210319c56a
X-Original-To: ietf-http-wg@w3.org
Subject: 2 questions
Archived-At: <http://www.w3.org/mid/5516BDFC.3050201@gmail.com>
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/29047
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hi, I have 2 questions, if I may. 1. What were the reasons for HTTP/2 not requiring TLS? Is there a significant performance consideration, is it related to the cost of certificates (which is now fairly low or even free), or are there other technical reasons? It would be nice if the web was just "secure by default", and I would have thought that now would be the right time to move in that direction. Also, at least 2 of the major browser vendors have said that they won't be supporting HTTP/2 without TLS, so surely no one is going to want to run their website without it? 2. Are the BREACH and CRIME exploits still applicable, especially with regard to content (body) compression? If so, does that mean that it's not possible to compress content (with gzip, for example) and still maintain security? Please respond as if I were a layman, as my knowledge on these subjects is somewhat limited. Thanks.
- 2 questions Glen
- Re: 2 questions Yoav Nir
- Re: 2 questions Cory Benfield
- Re: 2 questions Constantine A. Murenin
- Re: 2 questions Matthew Kerwin
- Re: 2 questions Walter H.
- Re: 2 questions Walter H.
- RE: 2 questions Mike Bishop
- Re: 2 questions Adrien de Croy
- Re: 2 questions Cory Benfield
- Re: 2 questions Amos Jeffries
- Re: 2 questions Amos Jeffries
- Re: 2 questions Cory Benfield
- Re: 2 questions Adrien de Croy
- Re: 2 questions Yoav Nir
- Re: 2 questions Roland Zink
- Re: 2 questions Martin Thomson
- Re: 2 questions Walter H.
- Re: 2 questions Walter H.
- Re: [Moderator Action] 2 questions Glen
- Re: 2 questions Dan Anderson
- Re: 2 questions Adrien de Croy
- RE: 2 questions Xiaoyin Liu
- Re: 2 questions Adrien de Croy
- Re: 2 questions Stephen Farrell
- comprehensive TLS is not the solution, it's a bug… Walter H.
- Re: comprehensive TLS is not the solution, it's a… Walter H.
- Re: 2 questions Eric J. Bowman
- Re: comprehensive TLS is not the solution, it's a… Amos Jeffries
- Re: comprehensive TLS is not the solution, it's a… Willy Tarreau
- Re: comprehensive TLS is not the solution, it's a… Walter H.
- Re: comprehensive TLS is not the solution, it's a… Walter H.
- Re: comprehensive TLS is not the solution, it's a… Willy Tarreau
- Re: comprehensive TLS is not the solution, it's a… Maxthon Chan
- Re: comprehensive TLS is not the solution, it's a… Roberto Peon
- Re: comprehensive TLS is not the solution, it's a… Walter H.
- Re: comprehensive TLS is not the solution, it's a… Maxthon Chan
- Re: comprehensive TLS is not the solution, it's a… Willy Tarreau
- Re: comprehensive TLS is not the solution, it's a… Maxthon Chan
- Re: 2 questions Adrien de Croy
- Re: 2 questions Stephen Farrell
- Re: comprehensive TLS is not the solution, it's a… Matthew Kerwin
- Re: comprehensive TLS is not the solution, it's a… Maxthon Chan
- Re: 2 questions Maxthon Chan
- RE: comprehensive TLS is not the solution, it's a… Mike Bishop
- Re: 2 questions Poul-Henning Kamp
- Re: comprehensive TLS is not the solution, it's a… ChanMaxthon
- Re: 2 questions Stephen Farrell
- Re: 2 questions Poul-Henning Kamp
- Re: 2 questions Stephen Farrell
- Re: comprehensive TLS is not the solution, it's a… Amos Jeffries
- Re: comprehensive TLS is not the solution, it's a… Amos Jeffries
- Re: 2 questions ChanMaxthon
- Re: 2 questions Amos Jeffries
- Re: 2 questions Yoav Nir
- Re: 2 questions Poul-Henning Kamp
- Re: 2 questions Maxthon Chan
- Re: 2 questions Simpson, Robby (GE Energy Management)
- Re: 2 questions Ted Hardie
- Re: 2 questions Jason T. Greene
- Re: 2 questions Benjamin Carlyle
- Re: 2 questions Martin Thomson
- Re: 2 questions OSCAR GONZALEZ DE DIOS
- Re: 2 questions Martin Thomson
- Re: 2 questions ChanMaxthon
- Re: 2 questions Glen
- Re: 2 questions Roland Zink
- Re: 2 questions Ilari Liusvaara
- Re: 2 questions Glen
- Re: 2 questions Jim Manico
- Re: 2 questions Yoav Nir
- Re: 2 questions Glen
- Re: 2 questions Glen
- Re: 2 questions Jim Manico
- Re: 2 questions Amos Jeffries
- Re: 2 questions Maxthon Chan
- Re: 2 questions Glen
- Re: 2 questions Glen
- Re: 2 questions Ilari Liusvaara
- Re: 2 questions Amos Jeffries
- Re: 2 questions Martin Thomson
- Re: 2 questions Yoav Nir
- Re: 2 questions Martin Thomson