- From: Salvatore Loreto <salvatore.loreto@ericsson.com>
- Date: Thu, 12 Dec 2013 16:25:08 +0000
- To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- CC: Roberto Peon <grmocg@gmail.com>, Mark Nottingham <mnot@mnot.net>, "HTTP Working Group" <ietf-http-wg@w3.org>
On Dec 12, 2013, at 5:01 PM, Nicolas Mailhot <nicolas.mailhot@laposte.net> wrote: > > Le Jeu 12 décembre 2013 16:35, Salvatore Loreto a écrit : > >> The one thing that wouldn’t be addressed by this approach is the potential >> for a “semi-trusted” proxy that can see inside encryption and yet promises >> e2e integrity. So, to me it seems like we should be focusing on the use >> cases that lead us there (rather than on that particular solution, yet). > > IIRC web site and browser people have reaffirmed many times here they > didn't want intermediaries to tamper with content. Which is actually fine > as most intermediaries do not want to tamper in any way, just look at what > goes through and block what they don't like. That's where e2e integrity > comes into play (and as end-user I'd like to have it too). Besides that's > a major part of reassuring users nothing fishy is going on behind their > back Nicolas, actually my point is because with 2.0 most likely there will be only one connection (TLS/TCP) between the browser and the server, in some network environment, like cellular network, it would be quite important for an operator to play with the HTTP2.0 Flow control mechanism in order to provide to the user a great user experience and at same time avoiding the possibility to congest the limited radio bandwidth capacity that has nothing to do with tamper the content neither with sniffing content it has to do with monitoring in support of network operator /Salvatore > > -- > Nicolas Mailhot >
Received on Thursday, 12 December 2013 16:25:42 UTC