- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Fri, 13 Jul 2012 20:37:49 +0000
- To: Nico Williams <nico@cryptonector.com>
- cc: HTTP Working Group <ietf-http-wg@w3.org>
In message <CAK3OfOhrjOTa5miWJdDd4_gEHHCD4rODwjwtEQz248yfqfjueg@mail.gmail.com>, Nico Williams writes:

> 3) The GSS-API is a very large API, yes, but typical applications use
> only a very small subset of the available GSS functions.

Just out of curiosity: Does that really sound like good security engineering for a narrow-scope protocol like HTTP/2 to you?

It certainly sounds wrong to me.

It almost certainly IS wrong, if the goal is to get as many mediocre programmers as possible to implement protection correctly.

One of the main reasons Varnish does not support HTTPS is the quality of the APIs available, and the elephantine amounts of needless generality behind them.

I know crypto is never simple, but arguing that it comes with a lot of complexity that most users don't need is not a winning argument in my book.

Crypto for HTTP/2.0 should be specified in a way which is very hard to do wrong, not very hard to do right.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 13 July 2012 20:38:13 UTC