W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: HTTP/2 and Pervasive Monitoring

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sat, 16 Aug 2014 11:36:09 +0100
Message-ID: <53EF3419.60207@cs.tcd.ie>
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
CC: Greg Wilkins <gregw@intalio.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>


On 16/08/14 07:20, Poul-Henning Kamp wrote:
> --------
> In message <53EEA563.4020703@cs.tcd.ie>, Stephen Farrell writes:
> 
>> PHK and I disagree a bit about the definition of PM in that respect.
>> I conclude that BCP188 would include storing breakable ciphertext in
>> the definition of PM. He doesn't.
> 
> Stephen, you're free to express your own opinion, but I think it
> would be best if you let me express mine.

Apologies. I should have said "I think he doesn't".

...

> The important thing in my straw-man is not if we should or shouldn't
> do it, but the fact that PM can be made impossible with ciphersuites
> you can break in a matter of seconds.

That last is the part with which I disagree. I just don't think its
true, for what I understand as PM, as defined in BCP188.

But I agree with you about the rest, that is, if you said chacha20
and not breakable-cipher then we'd be saying the same thing.

Cheers,
S
Received on Saturday, 16 August 2014 10:36:44 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC