Re: Protocol Design 101 (Re: Mandatory encryption)

On Jul 18, 2012, at 17:50, Paul Hoffman wrote:

> Given your views, would it be a good protocol design to require TLS
> for server authentication, and to allow but not require encryption?
> That is, do you think HTTP 2.0 with no mandatory server authentication
> is a good or bad protocol design?

I don't think there is a big difference between encryption and authentication in this argument.
Authentication only is indeed lower-cost: It carries a lower processing cost than encryption, and more importantly it does not reduce the visibility by intermediaries (firewalls, debugging setups, surveillance) as much.  But there is still considerable onus on the process side (getting the certificates out to both ends etc.; deciding what trust models for establishing authentication are appropriate in the first place...).

My summary would be that designing the protocol so it forces mandatory authentication is just the same mistake, only less so.

None of this argument is against the mechanism of TLS by the way: we could run TLS with null encryption and permissive authentication.
But then we are down to cost arguments (round trips, complexity etc.).  If "address ownership" is the right level of authentication for an application (say, getting today's weather maps), I'd say use it.  The trouble here is that we hide the quality of that authentication from users (think DSL at home vs. open WiFi at Starbucks).  We need to expose more of these leaky abstractions!

Grüße, Carsten

Received on Wednesday, 18 July 2012 16:22:27 UTC