
Re: authenticated unencrypted

From: Matthew Kerwin <matthew@kerwin.net.au>
Date: Wed, 18 Dec 2013 11:43:26 +1000
Message-ID: <CACweHNBm-EH8GLJM+=SX+FL-BR4ML5qBKje6d1qt1rrtAh1fbg@mail.gmail.com>
To: Patrick McManus <pmcmanus@mozilla.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

On 18 December 2013 11:25, Patrick McManus <pmcmanus@mozilla.com> wrote:

>
> On Tue, Dec 17, 2013 at 6:50 PM, Matthew Kerwin <matthew@kerwin.net.au> wrote:
>
>>
>> For example, I don't particularly need any of the CC-* content on my
>> website to be encrypted (it's free for everyone to read),
>>
>
> The act of consuming public information requires different protection than
> the information itself because it concerns both the information and the
> consumer. The obvious argument is the public library - there are no secrets
> in the stacks, but the transaction records of a patron's account are held
> to a different standard.
>

If people are that worried about Super Spies seeing that they requested X
documents from my website, including Y HTTP headers, from Z address, then
they don't _have_ to visit my site.  Or, if I'm offering TLS and they are
happy with the processing overhead of en/decrypting the entire
communication* then that's an option.**

* coming back to my understanding that decrypting the entire thing is
pretty expensive, but calculating a checksum/hash and decrypting that is
cheaper.  If that's an incorrect assumption then please correct me.

** currently my entire site is HTTP-only, because my hosts don't even offer
a TLS option unless I pay a somewhat exorbitant amount to upgrade to a "web
commerce" plan, because only "web commerce" people want HTTPS apparently.

Per Martin's suggestion I think I'll take this conversation off the list
now, so as not to add noise over the more important issues.  If I have any
further questions, or come up with a good proposal, I'll come back with it.

Cheers
-- 
  Matthew Kerwin
  http://matthew.kerwin.net.au/
Received on Wednesday, 18 December 2013 01:43:55 UTC
