Hi Anne, On Tue, Nov 25, 2014 at 9:13 AM, Anne van Kesteren <ann...@annevk.nl> wrote:
> > > They are doing this with opportunistic encryption (via the > > Alternate-Protocol response header) for http:// over QUIC from chrome. > In > > > > Or are you saying that > because Google experiments with OE in QUIC, including in services > today through Chrome, it is weird for them to oppose OE in HTTP? > Its interesting because of what it says about the actual options instead of the arguments we make about them. Google is trying hard to be https:// everywhere and yet they still have to run http:// services. That illustrates how hard a full transition is - most people can't match the kind of resources to spend on the problem that google has, and yet google hasn't been 100% successful. The rest of the web does far worse - heck we just launched our new h.264 Cisco addon download over http:// (with an external integrity check). When running http:// google has twice made an engineering decision to do so with OE and something better than h1. The result is better than plaintext-h1 and we should also be striving to bring our users and the whole web the same benefits. "This site runs better in Chrome" sucks. What we're going to do is make https better faster and cheaper as the long play to ubiquitous real security, and in the short term offer folks more encryption and better transports on http:// too because we hope to reach more of them that way. Plaintext is the last choice and is maintained strictly for compatibility - nobody wins when we do that. -P [I think we're firmly into the recycling phase again :)] _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
