- From: Eliot Lear <lear@cisco.com>
- Date: Fri, 11 Jan 2013 22:52:36 +0100
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- CC: Poul-Henning Kamp <phk@phk.freebsd.dk>, Ilya Grigorik <ilya@igvita.com>, HTTP Working Group <ietf-http-wg@w3.org>

On 1/11/13 8:44 PM, Stephen Farrell wrote:
>> The result is that people circumvent the design of HTTPS,
>> with a host of security issues as a result of broken design assumptions.
>>
>> HTTP/2.0 should be designed so that such intrusions of the "end-to-end
>> argument" do not cause more than the minimally necessary loss of
>> security.
> Feel free to document a design that is not trivially insecure
> and that's acceptable to e.g. the likes of banks and educated
> end users and the IETF as a whole. FWIW, I've never seen such
> a design. All I've seen so far is the precursor arm-waving for
> such a design;-)
>

How does this differ from what we have today?

Eliot

Received on Friday, 11 January 2013 21:53:04 UTC