Re: HTTP/2 and Pervasive Monitoring
Brian Smith <brian@briansmith.org> Fri, 15 August 2014 18:35 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 170D01A00FE for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Aug 2014 11:35:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.948
X-Spam-Level:
X-Spam-Status: No, score=-6.948 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.668, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jNmVx5Zas7nf for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 15 Aug 2014 11:35:19 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C38C21A00CD for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 15 Aug 2014 11:35:19 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XIMIZ-0003CK-LZ for ietf-http-wg-dist@listhub.w3.org; Fri, 15 Aug 2014 18:32:23 +0000
Resent-Date: Fri, 15 Aug 2014 18:32:23 +0000
Resent-Message-Id: <E1XIMIZ-0003CK-LZ@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <brian@briansmith.org>) id 1XIMIK-0003BX-Ag for ietf-http-wg@listhub.w3.org; Fri, 15 Aug 2014 18:32:08 +0000
Received: from mail-qg0-f51.google.com ([209.85.192.51]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <brian@briansmith.org>) id 1XIMIJ-0000nt-LS for ietf-http-wg@w3.org; Fri, 15 Aug 2014 18:32:08 +0000
Received: by mail-qg0-f51.google.com with SMTP id a108so2481147qge.24 for <ietf-http-wg@w3.org>; Fri, 15 Aug 2014 11:31:42 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=r6tdNw2IuRyKYjXo5TfofzW/rj9WJiIwxnxE+q6wRdc=; b=NOzix9ktBf7rpbEaPpANjiLfeQNmfKcm43h99QcFCPY34R3Hwu8sMcvGPMsCxnrCRr bkROKt8a8WhRK99/g5Pmkhr4srQStKzNCjIi/14xPsZUtTFqjRkGAy9GsMt3cyROPu8R O9g40aj6yk1a+dUK8obz2ZKbMhQGjAvIyx+TFfbnA2pHWh7k89RVvBlVgg2XvCxElNmO Y1K3jSWvYdpDMaFHBQ7wI/+UiinMvmp0GLOIf5VR04K7J0B9kP1aFRFKJN8+63Xbb4GB GjcUM+mT9QNSZ7szMEdRsQ+DM6kdXL0bOgFLR/gBQePYyD6m6TCDpEM8rCaADSuA5oG6 eGDw==
X-Gm-Message-State: ALoCoQm5lJEisqPs+cC1P1owhtzDlgKCB4wDYjnqYopscwghRgH6mnYXlzUaQb8B7AF6D/3+3ywd
MIME-Version: 1.0
X-Received: by 10.224.65.196 with SMTP id k4mr31117119qai.56.1408127501997; Fri, 15 Aug 2014 11:31:41 -0700 (PDT)
Received: by 10.224.67.133 with HTTP; Fri, 15 Aug 2014 11:31:41 -0700 (PDT)
In-Reply-To: <38BD57DB-98A9-4282-82DD-BB89F11F7C84@mnot.net>
References: <38BD57DB-98A9-4282-82DD-BB89F11F7C84@mnot.net>
Date: Fri, 15 Aug 2014 11:31:41 -0700
Message-ID: <CAFewVt7OwvOOJpKin_iFyGA7yRZCxbJiFaCH3XTi6-wbvp19tw@mail.gmail.com>
From: Brian Smith <brian@briansmith.org>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=209.85.192.51; envelope-from=brian@briansmith.org; helo=mail-qg0-f51.google.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-2.767, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1XIMIJ-0000nt-LS ae9f9a8d08f566e9be5ef0a07aeffc6d
X-Original-To: ietf-http-wg@w3.org
Subject: Re: HTTP/2 and Pervasive Monitoring
Archived-At: <http://www.w3.org/mid/CAFewVt7OwvOOJpKin_iFyGA7yRZCxbJiFaCH3XTi6-wbvp19tw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/26621
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Thu, Aug 14, 2014 at 7:58 PM, Mark Nottingham <mnot@mnot.net> wrote: > Note that most of the justification for our decision not to require https:// for HTTP/2 seems to be predicated on this part of our charter <http://datatracker.ietf.org/wg/httpbis/charter/>: > > "The resulting specification(s) are expected to meet these goals for common existing deployments of HTTP[.]" > > ... i.e., we're not able to argue that people who can't use https:// should just stay on HTTP/1.1. This charter text was written before BCP188 (and the incidents leading up to it), but has considerable support in the WG. In the end, it seems like the working group accepted that there will be times when implementations must fall back to HTTP/1.1, so isn't the justification you mention above void now? In particular, see this very recent thread "Feedback on Fallback" started by Mike Bishop and the "Over-Version" draft it references: http://lists.w3.org/Archives/Public/ietf-http-wg/2014JulSep/1724.html http://tools.ietf.org/html/draft-nottingham-http-over-version-00 Consequently, I don't think the shepherd's writeup should say that requiring authenticated TLS for HTTP/2 was rejected on the grounds that fallback to HTTP/1.1 is unacceptable, since the group came around to agreeing that fallback to HTTP/1.1 is indeed a reasonable compromise sometimes. Cheers, Brian
- HTTP/2 and Pervasive Monitoring Mark Nottingham
- Re: HTTP/2 and Pervasive Monitoring Amos Jeffries
- Re: HTTP/2 and Pervasive Monitoring Greg Wilkins
- RE: HTTP/2 and Pervasive Monitoring K.Morgan
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Mark Nottingham
- Re: HTTP/2 and Pervasive Monitoring Mark Nottingham
- Re: HTTP/2 and Pervasive Monitoring Eliot Lear
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Martin Nilsson
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- RE: HTTP/2 and Pervasive Monitoring Albert Lunde
- Re: HTTP/2 and Pervasive Monitoring Cory Benfield
- Re: HTTP/2 and Pervasive Monitoring Erik Nygren
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Roland Zink
- Re: HTTP/2 and Pervasive Monitoring Martin Thomson
- Re: HTTP/2 and Pervasive Monitoring Brian Smith
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Eliot Lear
- Re: HTTP/2 and Pervasive Monitoring Greg Wilkins
- Re: HTTP/2 and Pervasive Monitoring Greg Wilkins
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Stephen Farrell
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Roland Zink
- Re: HTTP/2 and Pervasive Monitoring Stephen Farrell
- Re: HTTP/2 and Pervasive Monitoring Amos Jeffries
- Re: HTTP/2 and Pervasive Monitoring Eliot Lear
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Ilari Liusvaara
- Re: HTTP/2 and Pervasive Monitoring Mark Nottingham
- Re: HTTP/2 and Pervasive Monitoring Greg Wilkins
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Martin Thomson
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp
- Re: HTTP/2 and Pervasive Monitoring Martin Thomson
- Re: HTTP/2 and Pervasive Monitoring Poul-Henning Kamp