Doubts about 7.1.1. Opportunistic TLS about http2-explained HOT 2 OPEN

First, let's remember that this describes the state of the discussion as it was a few years ago.

how does this compare against a connection that was initiated directly with https?

HTTPS:// in the URL would imply authenticated TLS. That the name is verified against the certificate and the certificate is signed by a trusted CA. A secure connection.

wouldn't use any padlock in the UI" this is obscure

Maybe, but it is there to underscore that there would be nothing in the UI to hint or suggest that the connection would be secure.

"there is no way to tell.." what isn't plain old HTTP exactly? The new connection where the user is being redirected to? Why would a client assume that? Why would a user?

One of the strong arguments mentioned against opportunistic HTTPS back in the day was exactly that users would be satisfied with this level and thus not go all the way and do proper HTTPS for sites. Thus it seemed relevant to underscore that there would be no indication to users that it is "HTTPS", as it wouldn't be HTTPS as it otherwise works for clients.

from http2-explained.

First, let's remember that this describes the state of the discussion as it was a few years ago.

Sure, it was not meant as a (non-constructive) critique. I really didn't understand the passage and I still doubt I'm understanding it properly.

I probably misread the whole paragraph like this:

YADDA YADDA it isn't plain old HTTP, but this is still opportunistic TLS and some people YADDA

instead of this:

YADDA YADDA it isn't plain old HTTP, but this is still opportunistic TLS and some people YADDA

i.e. the but refers only to the "it isn't plain old HTTP" and not to the whole sequence of arguments before.

It would help to have a simpler sentence structure like: "Some people are very firm against Opportunistic TLS because this, this and that as well".

from http2-explained.