Sent from my iPhone
> On Nov 21, 2014, at 9:11 AM, Stephen Farrell <[email protected]> > wrote: > > > >> On 21/11/14 14:05, Ted Lemon wrote: >>> On Nov 21, 2014, at 1:00 AM, Michael Richardson <[email protected]> >>> wrote: >>> Nobody said that unauthenticated TLS should show a "lock" >> >> Unfortunately I think more people notice "https://"; than the lock. > > The relevant proposal here is the httpbis WG draft. [1] I'm not > sure when a -01 will pop out, but there have been some comments > on this (incl. from me:-) on the WG list, so best to check there > in case you're repeating stuff that's already planned to change. > > That is based on use of HTTP URIs and also not indicating that > TLS is in use via any lock icons or similar. That's in line with consensus from the STRINT workshop. Fallback to unauthenticated crypto would appear to the user same as an http session. Regards, Kathleen > > Seems like a fine idea to me fwiw, though somewhat controversial > amongst some browser folks still. > > S. > > [1] https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
