W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: SSL/TLS everywhere fail

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 8 Dec 2015 00:19:59 +1100
Message-ID: <CABkgnnUWqdhcQwRDS7bPRvf0sqf_5iHQEOpSm8LM-V8y_AFosA@mail.gmail.com>
To: Cory Benfield <cory@lukasa.co.uk>
Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Jacob Appelbaum <jacob@appelbaum.net>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
On 8 December 2015 at 00:11, Cory Benfield <cory@lukasa.co.uk> wrote:
>> Let’s take draft-thomson-signing and draft-thomson-encryption, and have them both normatively reference a draft that talks about key distribution. We don’t have to detail it in those drafts, but in my view we absolutely have to talk about it somewhere.

I apologize for missing this, I think that it's an important question
to address... (In my defence, the amount of digital ink spilled here
is beyond my current ability to track.)

I don't think that this is a sensible strategy.  There are a few uses
already for both drafts, both of which have very different key
management strategies.  Attempting to button this down in the way you
suggest would necessarily bless or condemn a whole range of
Received on Monday, 7 December 2015 13:20:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:40 UTC