--------
In message <CAKRe7JHidJN9rnp9fM_7aevR9opZ7P4GnMT+2C3tdoFqLg6ShQ@mail.gmail.com>, Ilya Grigorik writes:

>How does this impact the "long term reality of HTTP/2.0"?

Quite simple:

Right now HTTPS is designed to implement end-to-end crypto, but while that is a nice ideal, it is not possible for IETF to enforce this in practice.

The result is that people circumvent the design of HTTPS, with a host of security issues as a result of broken design assumptions.

HTTP/2.0 should be designed so that such intrusions of the "end-to-end argument" do not cause more than the minimally necessary loss of security.

Or if you will: "Graceful degradation"

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Friday, 11 January 2013 19:21:19 GMT