
Re: IAB statement on draft-farrell-perpass-attack-00

From: Frode Kileng <frodek@tele.no>
Date: Thu, 28 Nov 2013 17:50:18 +0100
Message-ID: <5297744A.7060606@tele.no>
To: ietf-http-wg@w3.org
On 28.11.2013 03:02, Mark Nottingham wrote:
[....]
> So far, our discussion has encompassed mandatory HTTPS (which has been controversial, but also seems likely to be in some of the first implementations of HTTP/2.0) and opportunistic encryption (which seems to have decent support in principle, but there also seems to be some reluctance to implement, if I read the tea leaves correctly). Either of those would probably "adequately address" if we wrote them into HTTP/2.0.
>
> Alternatively, it may be that we don't address pervasive monitoring in the core HTTP/2.0 document itself, since HTTP is used in such a wide variety of ways, but instead "adequately address" in a companion document. One proposal that might have merit is shipping a "HTTP/2.0 for Web Browsing" document and addressing pervasive monitoring there.

Or we solve this for HTTP/2.0 and leave non-encrypted to a separate 
HTTP/I-dont-care-about-security-or-MITM-attack specification or special 
purpose implementations.

There are a lot of interesting business opportunities in developing 
special-purpose implementations to solve many of the use-cases that have 
been identified (kid-safe-surfing, transparent caching/optimizers, 
please-remove-any-virus, 
strict-controlled-surfing-for-prisons/enterprises, etc).

Just my 5 cents...

frodek
Received on Thursday, 28 November 2013 16:50:47 UTC
