Re: The TLS hammer and resource integrity

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Thu, 29 Mar 2012 07:20:10 +0000
To: Henry Story <henry.story@bblfish.net>
cc: patrick mcmanus <pmcmanus@mozilla.com>, ietf-http-wg@w3.org
Message-ID: <35023.1333005610@critter.freebsd.dk>
In message <0BD7B951-93F7-4620-A098-987EF53E2CA3@bblfish.net>, Henry Story writes:

>You mean the server may not be allowed to use crypto for encryption. I 
>seriously doubt a server may not be allowed to use crypto for integrity and 
>identity. TLS allows crypto to be used for integrity and identity without 
>confidentiality. 
>User interfaces do need to be improved to make this visible, but it is 
>available.

You seem to forget that certain services are based on plausible deniability.
Adding integrity proving metadata would not work for them.

But at the bottom of this argument is a much more fundamental question
which you still have not answered:

You and which army is going to make people switch from HTTP/1.1 to
HTTP/2.0 if they don't think it is an improvement?

Remember that HTTP/2.0 is an offer we can make, not a law we can enforce.

See also:  OSI protocols, IPv6 etc.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 29 March 2012 07:20:39 GMT
