W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: The TLS hammer and resource integrity

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Thu, 29 Mar 2012 07:20:10 +0000
To: Henry Story <henry.story@bblfish.net>
cc: patrick mcmanus <pmcmanus@mozilla.com>, ietf-http-wg@w3.org
Message-ID: <35023.1333005610@critter.freebsd.dk>
In message <0BD7B951-93F7-4620-A098-987EF53E2CA3@bblfish.net>, Henry Story writ

>You mean the server may not be allowed to use crypto for encryption. I 
>seriously doubt a server may not be allowed to use crypto for integrity and 
>identity. TLS allows crypto to be used for integrity and identity without 
>User interfaces do need to be improved to make this visible, but it is 

You seem to forget that certain services are based on plausible deniability.
Adding integrity proving metadata would not work for them.

But at the bottom of this argument is a much more fundamental question
which you still have not answered:

You and which army is going to make people switch from HTTP/1.1 to
HTTP/2.0 if they don't think it is an improvement ?

Remember that HTTP/2.0 is an offer we can make, not a law we can enforce.

See also:  OSI protocols, IPv6 etc.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 29 March 2012 07:20:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:01 UTC