W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Getting our definitions of encryption straight for the HTTP/2 security discussion

From: Yoav Nir <synp71@live.com>
Date: Thu, 21 Nov 2013 00:46:15 +0200
Message-ID: <BLU0-SMTP108E9E0D1D7A7C4308E1FE4B1E60@phx.gbl>
To: ietf-http-wg@w3.org
On 20/11/13 11:24 PM, Paul Hoffman wrote:
> Greetings again. Over the past weeks, people are sometimes talking 
> past each other when they say they want to "always encrypt" HTTP/2 
> traffic. In specific, many people have used the term "opportunistic 
> encryption" in very different ways without knowing it.
>
> To help people at least understand what each other might be saying in 
> the future, I created a page with some definitions that hopefully 
> everyone can use. Comments are welcome.
>
> http://trac.tools.ietf.org/wg/httpbis/trac/wiki/encryption-definitons
>
> --Paul Hoffman
Too bad Authenticated Encryption has another meaning, but I think this 
terminology is clear enough.

But your 'best effort' and the one for 'opportunistic' seem to be such 
that encryption always happens, but it could be authenticated or 
unauthenticated. We need a term for a process where encryption may or 
may not happen, and if it does, it may or may not be authenticated.

Yoav




Received on Wednesday, 20 November 2013 22:47:03 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC