- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Thu, 26 Jul 2012 09:01:14 +0000
- To: Mike Belshe <mike@belshe.com>
- cc: Phillip Hallam-Baker <hallam@gmail.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
In message <CABaLYCtZjfR0S3fz-vt8S6ZPaa05B0e5X+7tWPYb=5pZg7kGGA@mail.gmail.com>, Mike Belshe writes:

> Actually, TLS is end-to-end encrypted and just an opaque byte stream as far
> as intermediaries are concerned. I'm not sure what you mean by hop-by-hop,
> but TLS is not (to me) hop-by-hop.

TLS is, as far as content is concerned, hop-by-hop.

Usage of the broken CA-certificate model for key-material limits TLS to one hop which connects end to end, but other key-material models support more hops.

This is one of the reasons I push the envelope+(metadata+content) model for HTTP/2.0: You can use TLS to gain privacy for the envelope on a hop-by-hop basis, while still allowing the intermediaries to act on that envelope, and while still having end-to-end privacy on the metadata+content.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 26 July 2012 09:01:47 UTC
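The layering described in the message above, as an added illustration that is not PHK's code nor any HTTP/2.0 draft: an envelope every hop can read and act on, carrying a metadata+content payload sealed end to end under a key only the two endpoints hold. Hop-by-hop TLS on each link is assumed and not modelled; the cipher is a constructed toy (SHA-256 keystream with an HMAC tag) used only to make the split concrete.

```python
import hashlib, hmac, json, os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream for illustration only: SHA-256 over key||nonce||counter.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def seal_e2e(key: bytes, metadata: dict, content: bytes) -> bytes:
    """Seal metadata+content so only the far endpoint can read or alter them."""
    plain = json.dumps(metadata).encode() + b"\n" + content
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag

def open_e2e(key: bytes, sealed: bytes):
    """Verify the end-to-end tag, then recover (metadata, content)."""
    nonce, ct, tag = sealed[:16], sealed[16:-32], sealed[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("end-to-end integrity check failed")
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    meta, content = plain.split(b"\n", 1)
    return json.loads(meta), content

def make_message(envelope: dict, sealed: bytes) -> bytes:
    """Wire form (constructed): one JSON envelope line, then the opaque payload."""
    return json.dumps(envelope).encode() + b"\n" + sealed

def parse_message(msg: bytes):
    env, sealed = msg.split(b"\n", 1)
    return json.loads(env), sealed

def intermediary_forward(msg: bytes, hop: str) -> bytes:
    """An intermediary acts on the envelope (records itself in 'via')
    but can only pass the sealed payload through as opaque bytes."""
    env, sealed = parse_message(msg)
    env.setdefault("via", []).append(hop)
    return make_message(env, sealed)
```

Run the payload through two forwarders: the envelope's `via` list grows at each hop, the origin still opens the payload with the end-to-end key, and any byte an intermediary flips inside the payload fails the tag check.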