Re: New Version Notification for draft-nottingham-http2-encryption-00.txt from Paul Hoffman on 2013-10-14 (ietf-http-wg@w3.org from October to December 2013)

From: Paul Hoffman <paul.hoffman@gmail.com>
Date: Mon, 14 Oct 2013 11:24:38 -0700
To: "ietf-http-wg@w3.org WG" <ietf-http-wg@w3.org>
Cc: Mark Nottingham <mnot@mnot.net>
Message-ID: <CAPik8yZoDzLRBvyE3jWMs4MotHjk3bAV=HwTJL8i6BuRQEEfsA@mail.gmail.com>

I went ahead and jotted down some notes into a draft that might help
clarify what I am thinking about for making optimistic TLS notifications in
DNS instead of HTTP headers. If people like this idea, I'll pursue it; if
not, I'm happy to let it die.

--Paul Hoffman

Filename:     draft-hoffman-trytls
Revision:     00
Title:         Optimistic Encryption using TLS Signaling in the DNS
Creation date:     2013-10-14
Group:         Individual Submission
Number of pages: 4
URL:
http://www.ietf.org/internet-drafts/draft-hoffman-trytls-00.txt
Status:          http://datatracker.ietf.org/doc/draft-hoffman-trytls
Htmlized:        http://tools.ietf.org/html/draft-hoffman-trytls-00

Abstract:
  Many Internet servers offer content in two transports: unencryped,
  and encrypted with TLS.  A user who accesses some content with a URL
  that indicates unencrypted (such as "http:") might prefer to get the
  content encrypted but doesn't bother to change the URL to indicate
  this.  This proposal allows Internet clients, particularly web
  clients and mail user agents, to do a DNS lookup to see whether they
  might expect content for a particular host to also be available under
  TLS.  Using the DNS for this is much faster than attempting a TLS
  session that might time out or take many round trips in order to
  discover that the content is not available.

On Thu, Oct 10, 2013 at 11:28 AM, Paul Hoffman <paul.hoffman@gmail.com>wrote:

> If folks think that the discussion is leading away for a solution to the
> problem of optimistic HTTP encryption due to it being too hard to start
> from the HTTP headers, please do consider other options. A few years ago I
> floated a proposal for a "HASTLS" DNS record that garnered some interest
> but became bogged down in policy questions relating to fallback from secure
> to insecure. (The abandoned draft is at
> http://tools.ietf.org/html/draft-hoffman-server-has-tls-05) I could
> revive that draft, stripped of the fallback language, if this WG wants
> optimistic HTTP but can't see a good way to get it in HTTP itself.
>
> --Paul Hoffman
>

Received on Monday, 14 October 2013 18:25:05 UTC