- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sun, 14 Jul 2013 23:00:38 +0000
- To: Mark Nottingham <mnot@mnot.net>
- cc: Roberto Peon <grmocg@gmail.com>, J Ross Nicoll <jrn@jrn.me.uk>, HTTP Working Group <ietf-http-wg@w3.org>
In message <2F43265D-E004-4038-AD79-8BC2D968C585@mnot.net>, Mark Nottingham wri tes: >I have no problem using HTTP/2 as a way to drive these discussions and >consolidate the efforts by requiring particular things to be done when >you use the protocol. However, we can't fix the whole world here; we >need to stay focused. Indeed we can not, but I think the shift in security perceptions PRISM have caused needs to inform us nontheless. For instance, it is now naive to assume that the only encryption which will ever be used around HTTP/2.0 is going to be SSL/TLS. We have thankfully settled that HTTP/2.0 can be moved on any transparent byte-pipe. But maybe it would be a good idea to also expressly tag the frames which needs cryptographic protection (object bodies) and which does not (house keeping, routing envelopes, headers), in order to enable future encryption schemes which are not stream, but message based ? It would be sad to spend this much effort to build the last tea-clipper. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Received on Sunday, 14 July 2013 23:01:04 UTC