W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Pervasive encryption: Pro and contra

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sun, 17 Nov 2013 16:07:54 +0000
Message-ID: <5288E9DA.3060002@cs.tcd.ie>
To: Zhong Yu <zhong.j.yu@gmail.com>
CC: Robert Collins <robertc@squid-cache.org>, Tim Bray <tbray@textuality.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>


On 11/17/2013 04:03 PM, Zhong Yu wrote:
> You are right. I used an inappropriate word, you spotted it and my
> whole argument collapses.
> 
> So, what are we going to tell people about the security of HTTP/2.0?

First, I'd tell them not to take everything they've seen on this
list in the last few days as being authoritative. The ramifications
of the current plan are still being figured out as far as I can
see.

And then *after* that is figured out, you could tell them about the
security of HTTP/2.0. In other words, its probably a bit early to
be writing the user guide:-)

S.


> 
> 
> 
> On Sun, Nov 17, 2013 at 9:57 AM, Stephen Farrell
> <stephen.farrell@cs.tcd.ie> wrote:
>>
>>
>> On 11/17/2013 03:54 PM, Zhong Yu wrote:
>>> Is HTTP/2.0 going to promise people that their conversations are now
>>> unbreakable?
>>
>> Terms like unbreakable are irrelevant here. Anyone who makes any
>> such claim, or uses any such claim to argue anything, is talking
>> nonsense from a security point of view.
>>
>> Neither the opponents of, nor proponents for, more use of TLS
>> gain anything with such bogus arguments.
>>
>> S.
> 
> 
> 
Received on Sunday, 17 November 2013 16:08:17 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC