W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: New Version Notification for draft-nottingham-http2-encryption-00.txt

From: Yoav Nir <ynir@checkpoint.com>
Date: Mon, 7 Oct 2013 16:14:09 +0000
To: Paul Hoffman <paul.hoffman@gmail.com>
CC: Mark Nottingham <mnot@mnot.net>, Martin Thomson <martin.thomson@gmail.com>, "ietf-http-wg@w3.org WG" <ietf-http-wg@w3.org>
Message-ID: <54545D21-DE54-48F1-969E-F1204A3FCB56@checkpoint.com>

On Oct 7, 2013, at 6:13 PM, Paul Hoffman <paul.hoffman@gmail.com<mailto:paul.hoffman@gmail.com>> wrote:

The server needs to know whether the cert is being validated (as discussed in a note near the end, there's more work to do on this).

I'm not seeing that note; can you repeat the text here? Currently, the server doesn't know whether the cert is validated: it could have been accepted by clicking-through-the-UI-warnings.

If the HTTP server doesn't "need" to know whether the TLS client did the validation, then there is no need for the "-relaxed" profile. If the HTTP server really does need to know that, then we need a new TLS extension that causes an validation indication to be passed through an API. That's much more work than you are proposing here.


Suppose a server has a self-signed or self-issued certificate. Advertising "tls" would cause a client to start a TLS handshake, (maybe) attempt to validate the certificate, and fail miserably.

By advertising "tls-relaxed" but not "tls", the server can inform the client that using TLS will only for if the clients are willing to not be picky about the certificates.

In regular HTTPS the server does not need to know whether the client is doing any validation. For HTTP the server still doesn't need to know, but the client needs to know if the server is only advertising a willingness to encrypt or actual authenticated handshake.

Personally, I would prefer it if we didn't ask implementors to use certificates without validation. I'd rather that this be replaced with ADH ciphersuites without any certificate whatsoever. Anonymous certificates seem like a hack around the problem that browsers don't currently support ADH ciphersuites. But then, browsers don't support Alt-Svc either . I don't see why one feature is deemed easy to add, while the TLS ciphersuite is deemed hard. Using certificates has the advantage that you can use corporate CAs, so that some people can get a fully-validated session with mutual authentication, and others can get an anonymous session, and the server does not need to be able to tell them apart. I guess that's a reason.

Yoav
Received on Monday, 7 October 2013 16:14:51 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:18 UTC