<div dir="ltr">I personally enjoyed what Mark Nottingham (who is chairing the IETF HTTP2 working group) wrote on the matter:<div><br></div><div><a href="http://www.mnot.net/blog/2014/01/04/strengthening_http_a_personal_view">http://www.mnot.net/blog/2014/01/04/strengthening_http_a_personal_view</a><br>
</div><div><a href="http://www.mnot.net/blog/2014/01/30/http2_expectations">http://www.mnot.net/blog/2014/01/30/http2_expectations</a><br></div><div><br></div><div>From the last one, "what to expect from http 2":</div>
<div><br></div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div>6. More Encryption</div><div><br></div><div>HTTP/2 doesn’t require you to use TLS (the standard form of SSL, the Web’s encryption layer), but its higher performance makes using encryption easier, since it reduces the impact on how fast your site seems.</div>
<div><br></div><div>In fact, many people believe that the only safe way to deploy the new protocol on the “open” Internet is to use encryption; Firefox and Chrome have said that they’ll only support HTTP/2 using TLS.</div>
<div><br></div><div>They have two reasons for this. One is that deploying a new version of HTTP across the Internet is hard, because a lot of “middleboxes” like proxies and firewalls assume that HTTP/1 won’t ever change, and they can introduce interoperability and even security problems if they try to interpret a HTTP/2 connection.</div>
<div><br></div><div>The other is that the Web is an increasingly dangerous place, and using more encryption is one way to mitigate a number of threats. By using HTTP/2 as a carrot for sites to use TLS, they’re hoping that the overall security of the Web will improve.</div>
</div></blockquote></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Mar 25, 2014 at 9:42 AM, ianG <span dir="ltr"><<a href="mailto:iang@iang.org" target="_blank">iang@iang.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">On 24/03/2014 23:53 pm, Sandy Harris wrote:<br>
> On Sat, Mar 22, 2014 at 9:58 AM, Gary Mulder <<a href="mailto:flyingkiwiguy@gmail.com">flyingkiwiguy@gmail.com</a>> wrote:<br>
><br>
>> Would the RFC process be the ideal forum for development of an Internet<br>
>> Magna Carta?<br>
><br>
> There are already some policy documents, as well as the standards<br>
> track & BCP security documents:<br>
><br>
> RFC 1984 (best number choice on record?)<br>
> IAB and IESG Statement on Cryptographic Technology and the Internet<br>
> <a href="https://tools.ietf.org/html/rfc1984" target="_blank">https://tools.ietf.org/html/rfc1984</a><br>
><br>
> RFC 2804 IETF Policy on Wiretapping<br>
> <a href="https://tools.ietf.org/html/rfc2804" target="_blank">https://tools.ietf.org/html/rfc2804</a><br>
><br>
> There may be others that I don't know about.<br>
><br>
> But yes, some sort of Magna Carta would be a good idea and<br>
> the IETF would in some ways be a good place to develop one.<br>
> The trick would be to avoid most of the politics and keep<br>
> discussion to the technical issues.<br>
<br>
<br>
</div>Analogy may serve, but look to Chinese curse: be careful what you wish for!<br>
<br>
Is the IETF a place for individuals to find their rights?<br>
<br>
Or is it a place for the barons to force their rights over the monarch<br>
at the point of a sword? A reading of the history of Magna Carta may<br>
show a very different view to cozy ideals.<br>
<br>
Who are today's barons? Google, Facebook, IBM, Microsoft? And if the<br>
fought over a new Great Charter with the monarch, what would they ask for?<br>
<br>
And what would be left for the individuals?<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
<br>
iang<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
_______________________________________________<br>
The cryptography mailing list<br>
<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a><br>
<a href="http://www.metzdowd.com/mailman/listinfo/cryptography" target="_blank">http://www.metzdowd.com/mailman/listinfo/cryptography</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div><a href="https://konklone.com" target="_blank">konklone.com</a> | <a href="https://twitter.com/konklone" target="_blank">@konklone</a><br>
</div></div>
</div>