On Thu, Nov 7, 2013 at 5:19 PM, Noel Chiappa <jnc@xxxxxxxxxxxxxxxxxxx> wrote:
> From: ned+ietf@xxxxxxxxxxxxxxxxx
Yes, encrypting publicly available documents will do so much to increase our
> In light of the sentiments expressed at the plenary and in perpass in
> regards to opportunistic encryptions, perhaps this is the dogfood we
> should be eating.
privacy.
That's not what Ned or I was hinting at.
RFC 2817 describes a mechanism for connecting on port 80, and asking the server nicely to switch to TLS, rather than connecting on port 443 and switching to TLS from the outset.
It's the equivalent of the majority of protocols, which support a "STARTTLS" or similar extension, making it trivial to provide and use optional, opportunistic, encryption.
What this would allow is that browsers could *easily* use TLS to provide some protection, even when given an "http" scheme URI.
Dave.