W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: How HTTP 2.0 mandatory security will actually reduce my personal security

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Fri, 15 Nov 2013 17:24:29 +0000
Message-ID: <528658CD.70508@cs.tcd.ie>
To: Roberto Peon <grmocg@gmail.com>, Michael Sweet <msweet@apple.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>, Bruce Perens <bruce@perens.com>

Hi,

On 11/15/2013 05:18 PM, Roberto Peon wrote:
> and even
> submitted and contributed to a couple of drafts on the topic.

I don't know if you mean a TLS MITM proposal or something
else.

In the former case, please accompany any such proposal with
an analysis of the set of 176 RFCs [1] that reference 5246
and the 91 that refer to 4246 [2] and the 167 that refer to
2246 [3] to demonstrate that MITM'ing all of those is a good
and safe plan. And of course that ignores the non-IETF things
that might use TLS, which I'm sure is some medium sized
chunk of the 1573 [4] references that google scholar throws
up.

Thanks, (or rather, "No, thanks"),
S.

[1] http://www.arkko.com/tools/allstats/citations-rfc5246.html
[2] http://www.arkko.com/tools/allstats/citations-rfc4346.html
[3] http://www.arkko.com/tools/allstats/citations-rfc2246.html
[4]
http://scholar.google.com/scholar?q=http%3A%2F%2Fwww.hjp.at%2Fdoc%2Frfc%2Frfc5246.html&btnG=&hl=en&as_sdt=0%2C5
Received on Friday, 15 November 2013 17:24:54 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC