W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Pervasive encryption: Pro and contra

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sun, 17 Nov 2013 15:49:13 +0000
Message-ID: <5288E579.9030005@cs.tcd.ie>
To: Tim Bray <tbray@textuality.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

So you seem to be assuming mnot's plan, and not the variant
where http:// URIs in HTTP/2.0 use non-authenticated TLS.
I still prefer that latter, which has more pros and fewer
cons I think, though its details need to be figured out.

My take:

Add:

P3: Firesheep.

P4: Security that is more than just MTI is much more likely
to be tested and have fewer interop problems that if the
same mechanisms are optional.

P5: Belshe's comment: the more security is built-in the less
you need to ask the user about.

Cheers,
S.
Received on Sunday, 17 November 2013 15:49:37 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC