- From: Martin Nilsson <nilsson@opera.com>
- Date: Fri, 15 Aug 2014 14:43:25 +0200
- To: ietf-http-wg@w3.org
On Fri, 15 Aug 2014 13:25:36 +0200, Mark Nottingham <mnot@mnot.net> wrote: > Hi PHK, > > On 15 Aug 2014, at 7:16 pm, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: >> Straw-man: >> ---------- >> >> http:/ can use TLS with *arbitrarily weak* crypto algorithms, >> and no authentication, and it is treated *exactly* like >> HTTP/1.1 plaintext by browsers. >> >> https:/ uses authenticated TLS with strong crypto, as today, >> and indicates this with the well-known changes in browser >> behaviour. > > It sounds like you're proposing that we allow weaker ciphersuites for > the Opp-Sec draft. > > That hasn't been discussed explicitly before IIRC, but it shares an > issue that we did previously discuss; if you're not authenticating the > Opp-Sec traffic, you want it to look as much like "real" TLS traffic as > possible, so that an attacker doesn't know which connections it can MITM > without being caught. What you can do in an MITM scenario isn't really relevant to PM. It's still harder to MITM weak TLS than clear text. I think it is more worrisome having the weak ciphers in there at all, as it opens up for bad configurations and downgrade attacks of https connections. /Martin Nilsson -- Using Opera's mail client: http://www.opera.com/mail/
Received on Friday, 15 August 2014 12:43:56 UTC