Re: New Version Notification for draft-nottingham-http2-encryption-02.txt
Matthew Kerwin <matthew@kerwin.net.au> Wed, 18 December 2013 09:33 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBDD81AE320 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 18 Dec 2013 01:33:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.817
X-Spam-Level:
X-Spam-Status: No, score=-6.817 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.538, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pXHm9RbvLjTO for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 18 Dec 2013 01:32:58 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 4EF981AE0CB for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 18 Dec 2013 01:32:58 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1VtDT1-0000mV-74 for ietf-http-wg-dist@listhub.w3.org; Wed, 18 Dec 2013 09:30:59 +0000
Resent-Date: Wed, 18 Dec 2013 09:30:59 +0000
Resent-Message-Id: <E1VtDT1-0000mV-74@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <phluid61@gmail.com>) id 1VtDSd-0000kd-3m for ietf-http-wg@listhub.w3.org; Wed, 18 Dec 2013 09:30:35 +0000
Received: from mail-la0-f46.google.com ([209.85.215.46]) by maggie.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <phluid61@gmail.com>) id 1VtDSa-0007Xs-Vs for ietf-http-wg@w3.org; Wed, 18 Dec 2013 09:30:34 +0000
Received: by mail-la0-f46.google.com with SMTP id eh20so3749270lab.33 for <ietf-http-wg@w3.org>; Wed, 18 Dec 2013 01:30:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=hG7Vx1Tq5riw6YTufr+0lciqfC+bHGQLA7Z3ReLpjAw=; b=tsd2sIwREIiFm41Uc8GPYmRz4UCc6ClACy+ePpzRg37slDDVumHgMJKEQL2xHZiNKk 6QbEmOjfi9ETmU62mQcbdFpfD3iFQbxZCDE9WO4wcpsev8buQZ3bYnxHYrozZvXXBTJB eSjq8QPxdYOBxD3xF5o7UCGuMQAiD4to290UDUrtMcgH/CSDqv0NBW9sbRGvAb/AHUot NbPjxQJ/bkFw3YKf+S+3cS5k8YQyHvY30OJUrstYvHantDRmi47febwtSBodb6PSmhzH hRT2I7dmQG1dInGc7axafH0htsxBp9duATlsJ1TWIVLNH/HvLvsv1TvP1u0gjzACoKcd 6ioA==
MIME-Version: 1.0
X-Received: by 10.152.23.39 with SMTP id j7mr10927539laf.28.1387359005657; Wed, 18 Dec 2013 01:30:05 -0800 (PST)
Sender: phluid61@gmail.com
Received: by 10.114.3.16 with HTTP; Wed, 18 Dec 2013 01:30:05 -0800 (PST)
In-Reply-To: <52B15621.8060806@cisco.com>
References: <CAFewVt6j0yaRboARj=wpaVO2s9M6j7_za-GXLp9ZWqkFtSys8A@mail.gmail.com> <eme0c50675-de24-47c2-a612-28ffe926e3fd@bodybag> <CAA4WUYj6MCnqLL8-uK_V6WUQv+f1S_DEMio+wLB_DC9CY9xUgA@mail.gmail.com> <52B02095.2010508@cisco.com> <CAA4WUYiZWNtJupQ-6bXO3aNXz1B0qBKoTX9-z-XEjdzTptTLDQ@mail.gmail.com> <52B0A45E.2010901@cisco.com> <D14D3664-5C9B-4270-9CAC-176E7042A1DF@mnot.net> <52B15621.8060806@cisco.com>
Date: Wed, 18 Dec 2013 19:30:05 +1000
X-Google-Sender-Auth: qb2ugbH-5MwW4F4RUkt-99-alAg
Message-ID: <CACweHNB7C3rSODPBc9sAHWcBoX=0HQ6gHp69sk2r9Tn2nWACBg@mail.gmail.com>
From: Matthew Kerwin <matthew@kerwin.net.au>
To: Eliot Lear <lear@cisco.com>
Cc: Mark Nottingham <mnot@mnot.net>, Martin Thomson <martin.thomson@gmail.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="089e0158ca04b54e3c04edcbb0ec"
Received-SPF: pass client-ip=209.85.215.46; envelope-from=phluid61@gmail.com; helo=mail-la0-f46.google.com
X-W3C-Hub-Spam-Status: No, score=-3.0
X-W3C-Hub-Spam-Report: AWL=-2.530, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1VtDSa-0007Xs-Vs a76f03a0ac49ab8d260ac863b64729ee
X-Original-To: ietf-http-wg@w3.org
Subject: Re: New Version Notification for draft-nottingham-http2-encryption-02.txt
Archived-At: <http://www.w3.org/mid/CACweHNB7C3rSODPBc9sAHWcBoX=0HQ6gHp69sk2r9Tn2nWACBg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/21669
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On 18 December 2013 18:00, Eliot Lear <lear@cisco.com> wrote: > > > Again, no one has proposed that the HTTP/2 spec say that it only works > across TLS. > > And now let us add up the previous email with my statement above. A > lack of interest from non-browsers and a statement from most browser > people that they aren't going to implement HTTP/2 upgrade means that it > will only work over TLS. "We are one browser vendor who is in support of HTTP 2.0 for HTTP:// URIs. The same is true for our web server." --Rob Trace from Microsoft. <http://lists.w3.org/Archives/Public/ietf-http-wg/2013OctDec/0662.html> They might be market losing share, but I think IE still counts. I have trouble reconciling the above statement with your assertion that browsers won't implement upgrade, since I don't know how else IE could support HTTP/2 for http:// URIs, unless some other magic pre-negotiation mechanism is invented (or possibly a best-effort fallback behaviour: try /2 first, if it fails try /1; but I digress). As noble or whatever as the effort to promote TLS-everywhere may be, I've seen enough points raised in this discussion to argue the case against fully encrypted connections in some contexts, and a case *for* HTTP2 (and its improvements) on connections in an intersecting set of contexts. Some of those even included browser-based access (so I believe IE is doing the Right Thing™). The condition "that HTTP2 will only be implemented by browsers via TLS" is flawed, and therefore your first list (1-2) is moot. Point (1) is already off the table (or on the table, depending on your preferred idiomatic phrase for "not up for discussion"), and point (2) is only true if you change it to "... hence encrypted-only HTTP2 is not a replacement...", which is a tautology. The charter as it stands, designing a full replacement for the HTTP/1 spec, is, I believe, correct. Implementations are free to cherry-pick the bits they support, as long as their failure modes for all the other bits fit the spec. WRT browsers, if they never make a connection that *isn't* over TLS, then that's completely up to them. This doesn't in any way diminish your further list (A-D) for options if and when encryption/security is used, but it makes it less of (or completely not) a priority for this WG; instead it's on whoever decides not to implement unencrypted HTTP/2. -- Matthew Kerwin http://matthew.kerwin.net.au/
- Fwd: New Version Notification for draft-nottingha… Mark Nottingham
- Re: New Version Notification for draft-nottingham… Paul Hoffman
- Re: New Version Notification for draft-nottingham… Mark Nottingham
- Re: Fwd: New Version Notification for draft-notti… Martin Thomson
- Re: New Version Notification for draft-nottingham… Ilari Liusvaara
- Re: Fwd: New Version Notification for draft-notti… Patrick McManus
- Re: New Version Notification for draft-nottingham… Paul Hoffman
- Re: Fwd: New Version Notification for draft-notti… William Chan (陈智昌)
- Re: Fwd: New Version Notification for draft-notti… Poul-Henning Kamp
- Re: Fwd: New Version Notification for draft-notti… William Chan (陈智昌)
- Re: Fwd: New Version Notification for draft-notti… Adrien de Croy
- Re: Fwd: New Version Notification for draft-notti… William Chan (陈智昌)
- Re: Fwd: New Version Notification for draft-notti… Adrien de Croy
- Re: Fwd: New Version Notification for draft-notti… Poul-Henning Kamp
- Re: Fwd: New Version Notification for draft-notti… Eliot Lear
- Re: Fwd: New Version Notification for draft-notti… William Chan (陈智昌)
- Re: Fwd: New Version Notification for draft-notti… Adrien de Croy
- Re: Fwd: New Version Notification for draft-notti… William Chan (陈智昌)
- Re: New Version Notification for draft-nottingham… Mark Nottingham
- Re: New Version Notification for draft-nottingham… Martin Thomson
- Re: Fwd: New Version Notification for draft-notti… Paul Hoffman
- Re: Fwd: New Version Notification for draft-notti… William Chan (陈智昌)
- Re: New Version Notification for draft-nottingham… Roberto Peon
- Re: Fwd: New Version Notification for draft-notti… Paul Hoffman
- Re: Fwd: New Version Notification for draft-notti… Stephen Farrell
- Re: Fwd: New Version Notification for draft-notti… Tim Bray
- Re: Fwd: New Version Notification for draft-notti… Brian Smith
- Re: Fwd: New Version Notification for draft-notti… Poul-Henning Kamp
- Re: New Version Notification for draft-nottingham… Brian Smith
- RE: Fwd: New Version Notification for draft-notti… Christian Huitema
- Re: Fwd: New Version Notification for draft-notti… Yoav Nir
- Re: Fwd: New Version Notification for draft-notti… Adrien de Croy
- Re: Fwd: New Version Notification for draft-notti… Adrien de Croy
- Re: Fwd: New Version Notification for draft-notti… William Chan (陈智昌)
- Re: Fwd: New Version Notification for draft-notti… Stephen Farrell
- Re: Fwd: New Version Notification for draft-notti… Adrien de Croy
- RE: Fwd: New Version Notification for draft-notti… Christian Huitema
- RE: Fwd: New Version Notification for draft-notti… Christian Huitema
- RE: New Version Notification for draft-nottingham… Yoav Nir
- Re: New Version Notification for draft-nottingham… Martin Thomson
- Re: New Version Notification for draft-nottingham… Stephen Farrell
- Re: New Version Notification for draft-nottingham… Martin Thomson
- Re: Fwd: New Version Notification for draft-notti… Eliot Lear
- Re: Fwd: New Version Notification for draft-notti… William Chan (陈智昌)
- Re: Fwd: New Version Notification for draft-notti… Eliot Lear
- Re: Fwd: New Version Notification for draft-notti… Martin Thomson
- Re: Fwd: New Version Notification for draft-notti… Stephen Farrell
- Re: Fwd: New Version Notification for draft-notti… Peter Saint-Andre
- Re: New Version Notification for draft-nottingham… Mark Nottingham
- Re: New Version Notification for draft-nottingham… Eliot Lear
- Re: Fwd: New Version Notification for draft-notti… Martin J. Dürst
- Re: New Version Notification for draft-nottingham… Matthew Kerwin
- Re: Fwd: New Version Notification for draft-notti… Joseph Lorenzo Hall
- Re: New Version Notification for draft-nottingham… Michael Sweet
- Re: Fwd: New Version Notification for draft-notti… Roberto Peon
- Re: New Version Notification for draft-nottingham… Roberto Peon
- Re: New Version Notification for draft-nottingham… Jeff Pinner
- Re: New Version Notification for draft-nottingham… Eliot Lear