Re: Getting our definitions of encryption straight for the HTTP/2 security discussion from Michael Sweet on 2013-11-20 (ietf-http-wg@w3.org from October to December 2013)

From: Michael Sweet <msweet@apple.com>
Date: Wed, 20 Nov 2013 18:02:59 -0500
To: Paul Hoffman <paul.hoffman@gmail.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-id: <28CE2112-8B69-4084-82FE-7F13C05BD01C@apple.com>

My only comment is that current HTTP/1.1 supports opportunistic encryption via RFC 2817 (HTTP Upgrade to TLS).  Both the client and server can initiate an upgrade.


On Nov 20, 2013, at 4:24 PM, Paul Hoffman <paul.hoffman@gmail.com> wrote:

> Greetings again. Over the past weeks, people are sometimes talking past each other when they say they want to "always encrypt" HTTP/2 traffic. In specific, many people have used the term "opportunistic encryption" in very different ways without knowing it.
> 
> To help people at least understand what each other might be saying in the future, I created a page with some definitions that hopefully everyone can use. Comments are welcome.
> 
> http://trac.tools.ietf.org/wg/httpbis/trac/wiki/encryption-definitons
> 
> --Paul Hoffman

_______________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair

Received on Wednesday, 20 November 2013 23:03:29 UTC