W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: HTTP2 Expression of Interest

From: Phillip Hallam-Baker <hallam@gmail.com>
Date: Sun, 15 Jul 2012 09:12:30 -0400
Message-ID: <CAMm+Lwh44tHq=QmQo_0VXazMHNGaHrd8L0zzjGYScy-=-m6SiA@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Willy Tarreau <w@1wt.eu>, Doug Beaver <doug@fb.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
TLS is not an appropriate security solution for the content delivery
people. No question about that.

But they do have security concerns and they could benefit from the
right security solution, one that allows them to use pre-baked crypto.
IE a message layer security solution rather than a transport layer
solution.


Let us imagine that Viacom stores all their movie content in encrypted
and authenticated form. When someone wants to watch one they pull the
encrypted bits from the server, wrap the relevant key so that the
intended recipient can read them and ship them out to the user.

This allows Viacom to protect their intellectual property with almost
no performance impact.

If all we needed for this was the content layer piece it would be a
no-brainer. message level encryption is just another encoding. We
already have a PKI for TLS to provide public keys. The devil comes in
the key exchange to join the two together.


On Sun, Jul 15, 2012 at 8:27 AM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> In message <CAMm+LwjYUjpELfi=t3UAOXBYUWWuFD08df58rPvg3Wx=fBrNzQ@mail.gmail.com>
> , Phillip Hallam-Baker writes:
>
>>I can't see a value to mandating use of TLS in HTTP/2.0.
>
> Lets move it back one step further:
>
> There is negative value in mandating crypto in HTTP/2.0 because it
> will make HTTP/2.0 unattractive to the people who refer to themselves
> as "in the multimedia business".
>
> These people deliver about 1/3-1/2 half of all HTTP traffic on the
> Internet in a fetching range of skin-tones.
>
> Please don't try to push political agendas, like mandatory encryption,
> with technical means.
>
> It doesn't work.
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.



-- 
Website: http://hallambaker.com/
Received on Sunday, 15 July 2012 13:12:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 15 July 2012 13:13:03 GMT