Re: Adding Security Considerations regarding interception to p1 from Patrick McManus on 2013-09-20 (ietf-http-wg@w3.org from July to September 2013)

From: Patrick McManus <pmcmanus@mozilla.com>
Date: Fri, 20 Sep 2013 05:06:39 -0700
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Willy Tarreau <w@1wt.eu>, Mark Nottingham <mnot@mnot.net>, Mike Belshe <mike@belshe.com>, "Roy T. Fielding" <fielding@gbiv.com>, IETF HTTP WG <ietf-http-wg@w3.org>
Message-ID: <CAOdDvNq-Ap-FuoX0gRBFfRVbiwA1oD3uO9k0d9Nj7FbMhKO8rA@mail.gmail.com>

On Fri, Sep 20, 2013 at 3:50 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie>wrote:

> Recent events would seem to indicate otherwise unless you consider
> all of Snowdonia to be a "detail".
>
> I would love to see this WG do a great job of helping folks to
> deploy HTTP1.1 over TLS better. It should though at least
> acknowledge the issues and the major countermeasure that does
> get deployed and encourage that. And I think text along the
> lines Mark initially suggested, or some of the reasonable
> alternative suggestions, seems like the minimum that needs to
> be done.
>
> S.



right on.

Received on Friday, 20 September 2013 12:07:09 UTC