Re: Response to HTTP2 expresions of interest

In message <CAHBU6itLXj1W2uGEFvMEemi5hBrYjmaeYq-8b0oJvzKdvCh34Q@mail.gmail.com>
, Tim Bray writes:

>How much information needs to be in the unprotected envelope?  Because one
>of the benefits of transport-level security is that a snooper, for example
>a government tracking dissidents, knows little/nothing about my traffic
>aside from the routing.  Not a rhetorical question.  -Tim

And this is exactly about the routing.

The three fields that today should be part of the envelope is
"Host:", URI (Sans query part) and Session-Nonce.  (Since we don't
actually have a session-nonce, today people route on cookies.)

And like all other message transfer systems from snail-mail and
forward, the envelope need not give anything away, because what you
put on it only have to get the message to the right place, it doesn't
have to _be_ the message.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Friday, 13 July 2012 17:59:35 UTC