- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Fri, 13 Jul 2012 18:21:30 +0000
- To: James M Snell <jasnell@gmail.com>
- cc: Tim Bray <tbray@textuality.com>, Phillip Hallam-Baker <hallam@gmail.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
In message <CABP7RbcVOEfnzg1A+x8NsOu+Gp2OtnHnVvWmLyQUM+QUMLNsUw@mail.gmail.com>, James M Snell writes:

>Definitely a tricky thing here because of the competing interests and
>requirements at play. Transport-layer secure provides the necessary
>protection against snoopers but makes the efficient routing and
>handling of the communication via intermediaries far more difficult.

I still don't agree.

The envelope is where you write who you want your adversary to think you are communicating with. This may or may not be who you actually are communicating with.

TLS communication today already has an envelope consisting of IP# + TCP port numbers, and unless your adversary is totally incompetent, he also has the DNS lookup that gave you that IP#.

QED: Putting the "Host:" in the HTTP envelope does not leak any information your adversary doesn't already have or can guess.

Even if we stopped here, it would be a major benefit over TLS in terms of enabling websites to roll out protection for their customers.

To make it better, we need to add a session identifier, but today we pretend HTTP is stateless so we don't have one (so people hack it with cookies).

Finally, to do what people do today we would need to include the URI, but that is by far the most troublesome of the three fields.

I believe, but it should be seriously investigated, that if we add a session-concept to HTTP2, the envelope would just need to be Host: + session-nonce.

In difference from TLS, that would allow us to mix protected and unprotected traffic on the same TCP connection, thus avoiding the extra TCP for protection upgrade, and making life much easier and efficient for proxies.

It also means that you do not need to put your certificate on the HTTP router/load-balancer, but can put it on the specific webservers which host the protected stuff.

SSL/TLS was a quick hack to protect HTTP, one of the far too many quick hacks in HTTP world. We should try to eliminate them.
-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 13 July 2012 18:21:53 UTC