
Re: Moving forward on improving HTTP's security

From: Tao Effect <contact@taoeffect.com>
Date: Wed, 13 Nov 2013 09:20:38 -0500
Cc: Mark Nottingham <mnot@mnot.net>, "Julian F. Reschke" <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <F5887EB7-1EB8-46D3-B0E2-6B13EBE96170@taoeffect.com>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
Hi list!

I only just heard about this discussion now, and so I signed up on the list.

I strongly urge the HTTP working group and the IETF (if that's a different entity) to not rush this and allow more time for feedback from the internet community.

The IETF is not the internet, and I assure you that there are a lot of people out there working on various solutions independently. They have valuable ideas to share, and feedback to offer. I think it's worth giving them a chance to speak before declaring something "HTTP 2.0".

What I have read so far of the suggestions here leads me to think the ideas are still very immature.

Correct me if I'm wrong, but is "HTTP/2.0" still using today's PKI/CA system?

If so, it is not worthy of the "2.0" designation, as any system that preserves this broken system does not provide any meaningful security guarantees.

Kind regards,
Greg Slepak
Tao Effect, LLC

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Nov 13, 2013, at 9:04 AM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:

> * Mark Nottingham wrote:
>> Your understanding of what happened seems like it's different than the
>> other people who I've spoken to. Regardless of that, however, we don't
>> need to discuss every option at physical meetings; we need to discuss
>> them on the list. That's what's happening now.
> 
> As I understand your message, the discussion is over, the decision has
> been made. That is what various news media are reporting and what is
> implied by your use of language like "revisit this decision". If your
> purpose was not to record that the subject matter has received due
> consideration on the mailing list and has now been decided and closed,
> and just meant to make a proposal, then you should clarify accordingly.
> -- 
> Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
> Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
> 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
> 


Received on Wednesday, 13 November 2013 14:21:12 UTC
