W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Getting our definitions of encryption straight for the HTTP/2 security discussion

From: Adrien de Croy <adrien@qbik.com>
Date: Thu, 21 Nov 2013 00:40:36 +0000
To: "Paul Hoffman" <paul.hoffman@gmail.com>, "Manger, James H" <James.H.Manger@team.telstra.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <em25037bb8-5bc1-4f93-ae29-9875b1ec813e@bodybag>

Hi Paul

not sure I like much the text for the opportunistic.

STARTTLS in SMTP/IMAP works by the server firstly advertising 
availability of encryption.  This would only trigger a client to 
actually ask for it only if the client were so configured.  In many mail 
clients for instance, this won't actually cause any encryption to happen 
at all with default config.  So there's no contract about making any 
best effort to achieve crypto.  It can be no effort and no crypto and 
commonly is.

So maybe this doesn't describe what is meant by opportunistic encryption 
and we need another term, or do we change the meaning?

Adrien






------ Original Message ------
From: "Paul Hoffman" <paul.hoffman@gmail.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Sent: 21/11/2013 1:20:04 p.m.
Subject: Re: Getting our definitions of encryption straight for the 
HTTP/2 security discussion
>I agree that my earlier term  "authenticated encryption" would have 
>collisions with other technologies, and I updated the definitions to 
>match James' wording.
Received on Thursday, 21 November 2013 00:40:20 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC