That aside, just saying "you MUST do TLS with HTTP/2.0" doesn't buy much security in a world where CAs are not trustworthy, people still use RC4/MD5, use woefully short keys for otherwise strong algorithms, browsers have effectively trained people to always click "visit anyway" and so on.
I believe that this proposal was in line with Bruce Schneier's suggestion at the plenary.
Do anything to make more work for people trying to listen in to everything on the Internet.
For example, put a key at the top of the content and then encrypt using this key.
This is meaningless from the confidentiality point of view, but eats up computational resources and energy for someone trying to vacuum up everything.
Even better - when you don't have anything to transmit, send meaningless supposed encrypted packets.
If everyone did this their storage costs would skyrocket.
Even better, send packets with easily broken encryption containing keywords of interest.
Y(J)S
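
The key-at-the-top scheme from the message above, as an added example that is not part of the original post. The 16-byte key length and the SHA-256 counter-mode keystream are assumptions standing in for a real cipher; the point shown is that unwrapping needs no secret, only the per-message decryption work.

```python
import hashlib
import os

KEY_LEN = 16  # constructed wire format: first 16 bytes are the key, in the clear


def _keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode; a stdlib stand-in for a real cipher (assumption)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def wrap(content: bytes) -> bytes:
    """Sender: pick a fresh key, put it at the top, encrypt the content under it."""
    key = os.urandom(KEY_LEN)
    return key + _xor(content, key)


def unwrap(wire: bytes) -> bytes:
    """Anyone holding the wire bytes: read the key off the top and decrypt."""
    if len(wire) < KEY_LEN:
        raise ValueError("message shorter than the in-band key")
    key, body = wire[:KEY_LEN], wire[KEY_LEN:]
    return _xor(body, key)


def observer_view(wire: bytes) -> dict:
    """What a passive listener holds with and without doing the decryption work."""
    return {
        "without_work": wire[KEY_LEN:],  # opaque bytes, not searchable as-is
        "with_work": unwrap(wire),       # full plaintext, no secret needed
    }


if __name__ == "__main__":
    msg = b"GET /index.html HTTP/1.1"  # constructed sample content
    view = observer_view(wrap(msg))
    print(view["without_work"].hex())
    print(view["with_work"])
```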