W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: Call for Adoption: Encrypted Content Encoding

From: Kyle Rose <krose@krose.org>
Date: Tue, 1 Dec 2015 13:25:41 -0500
Message-ID: <CAJU8_nX_h+eiTABOazjSXTKEoGSCMVqS6D1znrP8tK=BoEVq_A@mail.gmail.com>
To: Roland Zink <roland@zinks.de>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Amos Jeffries <squid3@treenet.co.nz>
Now that I'm not running off to lunch, I can finish my thought.

Clearly, there are delivery scenarios in which the characteristics I
outlined in my OP (time-shifting, offline, multiple recipients,
confidentiality from untrusted intermediate nodes) are requirements,
so it's going to happen anyway. This proposal is useful because it's
better for the implementation meeting those requirements to be a
standard.

Kyle

On Tue, Dec 1, 2015 at 12:01 PM, Kyle Rose <krose@krose.org> wrote:
>> One reason is a mistyping. Actually it should be HTTPS instead of TLS. HTTPS
>> can establish an end-to-end TLS connection through proxies using CONNECT
>> requests over several TCP connections. In your definition this doesn't make
>> a difference I guess.
>
> No, that seems to be a legitimate use of "end-to-end", which IMO just
> adds further credence to the viewpoint that the two terms are actually
> orthogonal to topology. Regardless of the other connotations it might
> evoke, "end-to-end security" is probably best defined as "only the
> sender and authorized users of the data have access to the cleartext",
> whereas "point-to-point security" allows for such access to
> intermediate nodes.
>
> Kyle
Received on Tuesday, 1 December 2015 18:26:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC