Re: Fwd: New Version Notification for draft-nottingham-http2-encryption-02.txt

From: 陈智昌 <willchan@chromium.org>
Date: Thu, 12 Dec 2013 12:18:00 -0800
Message-ID: <CAA4WUYj6fEHYh8pJo+mgoygnaBN2Xba+130dTEUaScUd6s_QsQ@mail.gmail.com>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Patrick McManus <mcmanus@ducksong.com>, Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>

On Thu, Dec 12, 2013 at 12:09 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
>
>>I respect the goals behind opportunistic encryption, but it is
>>*unclear* to me if it is actually a net positive. There are definitely
>>a lot of things to like about it which I think have already been
>>covered. But I'm concerned that the risk of hurting HTTPS adoption is
>>real and significant.
>
> When you say "HTTPS adoption" do you mean HTTPS as we know it, with
> trojaned CAs or do you mean some future variant where the authentication
> is actually worth something when it comes to trust?

I mean HTTPS as we know it and believe we should work on fixing
existing PKI issues. I am a fan of work like public key pinning
(https://www.imperialviolet.org/2011/05/04/pinning.html).

>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.

Received on Thursday, 12 December 2013 20:18:30 UTC