From : Poul-Henning Kamp < : Poul-Henning Kamp < phk@phk.freebsd.dk



To : Mark Nottingham < : Mark Nottingham < mnot@mnot.net

cc : HTTP Working Group < : HTTP Working Group < ietf-http-wg@w3.org

Message-ID : <59219.1401097569@critter.freebsd.dk>



In message <07D15A9A-8002-44F8-AC00-2A73A4CDE7A7@mnot.net>, Mark Nottingham wri tes: >I don't hear the engineers who have put a year and a half of work into >this effort talking about "defeat" nor about it being a "fiasco." >They're a very good representation of HTTP implementers, and from what >I've heard to date, they think we're getting close to shipping. Even asking the wrong question to the wrong people, you will get to the end of the useless answer eventually. >If you want to come and make technical proposals in good faith, ask >questions, argue for specific approaches, etc. you are -- as always -- >welcome to participate. I stated my case, and was told that it was far more important to goldplate SPDY on a rushed and unrealistic schedule, to gain a little bit of speed, than to try to solve the problems with scalability and privacy I pointed out. I'll be happy to participate in worthwhile projects, but HTTP/2.0 has never been that for me. >> * Immediately start the design a successor protocol to >> HTTP/1.1, which through necessary simplifications of HTTP >> semantics and based on what we learned from the SPDY prototype, >> will become better than HTTP/1.1 for all uses and users. > >Changing the semantics of HTTP are out of scope for good reason; I think of those as really bad reasons. >As much as many people would like to get rid of Cookies -- something >you've proposed many times -- doing it in this effort would be >counter-productive. Counter-productive for *who* Mark ? Counter-productive for FaceBook, Google, Microsoft, NSA and the other mastodons who use cookies and other mistakes in HTTP (ie: user-agent) to deconstruct our personal identities, across the entire web ? Even with "SSL/TLS everywhere", all those small blue 'f' icons will still tell FaceBook all about what websites you have visited. The "don't track" fiasco has shown conclusively, that there is never going to be a good-faith attempt by these mastodons to improve personal privacy: It's against their business model. And because this WG is 100% beholden to the privacy abusers and gives not a single shit for the privacy abused, fixing the problems would be "counter-productive". If we cared about human rights, and privacy, being "counter-productive" for the privacy-abusing mastodons would be one of our primary goals. Poul-Henning -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.