- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Fri, 11 Jan 2013 19:20:56 +0000
- To: Ilya Grigorik <ilya@igvita.com>
- cc: HTTP Working Group <ietf-http-wg@w3.org>
--------

In message <CAKRe7JHidJN9rnp9fM_7aevR9opZ7P4GnMT+2C3tdoFqLg6ShQ@mail.gmail.com>, Ilya Grigorik writes:

>How does this impact the "long term reality of HTTP/2.0"?

Quite simple:

Right now HTTPS is designed to implement end-to-end crypto, but while that is a nice ideal, it is not possible for IETF to enforce this in practice.

The result is that people circumvent the design of HTTPS, with a host of security issues as a result of broken design assumptions.

HTTP/2.0 should be designed so that such intrusions of the "end-to-end argument" do not cause more than the minimally necessary loss of security.

Or if you will: "Graceful degradation"

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Friday, 11 January 2013 19:21:19 UTC