- From: Phillip Hallam-Baker <hallam@gmail.com>
- Date: Wed, 18 Jul 2012 12:15:23 -0400
- To: Paul Hoffman <paul.hoffman@gmail.com>
- Cc: Carsten Bormann <cabo@tzi.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Requiring TLS for server authentication would still be bad design because the security requirement in most cases is mutual authentication and TLS without encryption is not a good approach to mutual auth. On Wed, Jul 18, 2012 at 11:50 AM, Paul Hoffman <paul.hoffman@gmail.com> wrote: > Given your views, would it be a good protocol design to require TLS > for server authentication, and to allow but not require encryption? > That is, do you think HTTP 2.0 with no mandatory server authentication > is a good or bad protocol design? > > --Paul Hoffman > -- Website: http://hallambaker.com/
Received on Wednesday, 18 July 2012 16:15:54 UTC