- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Wed, 20 Nov 2013 23:06:30 +0000
- To: Yoav Nir <synp71@live.com>, ietf-http-wg@w3.org
On 11/20/2013 10:46 PM, Yoav Nir wrote: > On 20/11/13 11:24 PM, Paul Hoffman wrote: >> Greetings again. Over the past weeks, people are sometimes talking >> past each other when they say they want to "always encrypt" HTTP/2 >> traffic. In specific, many people have used the term "opportunistic >> encryption" in very different ways without knowing it. >> >> To help people at least understand what each other might be saying in >> the future, I created a page with some definitions that hopefully >> everyone can use. Comments are welcome. >> >> http://trac.tools.ietf.org/wg/httpbis/trac/wiki/encryption-definitons >> >> --Paul Hoffman > Too bad Authenticated Encryption has another meaning, but I think this > terminology is clear enough. > > But your 'best effort' and the one for 'opportunistic' seem to be such > that encryption always happens, but it could be authenticated or > unauthenticated. We need a term for a process where encryption may or > may not happen, and if it does, it may or may not be authenticated. If we need to debate these terms before they're useful enough for this wg, then I suggest we do that on the saag list so as not to further confuse things here. If however these are good enough for the httpbis wg's current discussion, then I'd say let's just go with what Paul suggests. And while I'd define things differently, I do think these are good enough for here and now so I'd suggest just trying to use 'me here (but adding more as needed) and after this wg are done with this discussion we can take this to saag and consider it in a broader context at more leisure. S. > > Yoav > >
Received on Wednesday, 20 November 2013 23:06:56 UTC