W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: The TLS hammer and resource integrity

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Wed, 28 Mar 2012 07:21:21 +0000
To: Amos Jeffries <squid3@treenet.co.nz>
cc: ietf-http-wg@w3.org
Message-ID: <3653.1332919281@critter.freebsd.dk>
In message <f46d469093a1a7d6a357d77a68217002@treenet.co.nz>, Amos Jeffries writ
es:

>I completely agree that this needs to be addressed, but the transport 
>appears to be doing everything right so far.

Everything, that is, except performance and choice.

There is no way to get around that mandatory TLS is overkill in
many high-volume applications, most notably p0rn.

If you want to kill HTTP/1.1, you have to make HTTP/2.0 a good idea
for the 50% of web traffic consisting of pink bits.

Second, there are places where TLS is simply not a good idea, either
because other security measures are in place, or because transparency
is specifically called for (Think: Flight Recorder).

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Wednesday, 28 March 2012 07:21:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:57 GMT