Re: PRISM and HTTP/2.0

In message <2F43265D-E004-4038-AD79-8BC2D968C585@mnot.net>, Mark Nottingham writes:

>I have no problem using HTTP/2 as a way to drive these discussions and 
>consolidate the efforts by requiring particular things to be done when 
>you use the protocol. However, we can't fix the whole world here; we 
>need to stay focused.

Indeed we can not, but I think the shift in security perceptions
PRISM has caused needs to inform us nonetheless.

For instance, it is now naive to assume that the only encryption
which will ever be used around HTTP/2.0 is going to be SSL/TLS.

We have thankfully settled that HTTP/2.0 can be moved on any
transparent byte-pipe.

But maybe it would be a good idea to also expressly tag the frames
which need cryptographic protection (object bodies) and which do
not (housekeeping, routing envelopes, headers), in order to enable
future encryption schemes which are not stream, but message-based?

It would be sad to spend this much effort to build the last tea-clipper.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Sunday, 14 July 2013 23:01:04 UTC