@steveklabnik I agree (see my thoughts here: innoq.com/blog/st/2012/11/so…), but e.g. HTTP 2 does away with the TLS requirement