Re: PRISM and HTTP/2.0

On Sun, Jul 14, 2013 at 12:41 AM, J Ross Nicoll <jrn@jrn.me.uk> wrote:
> Bogus certificates and server-side backdoors seem inevitable, at least in
> the current political climate. I don't think any realistic changes at the
> transport layer will affect that (unrealistic changes would include "move to
> a web of trust").

Not sure if it would be within the possibilities of this WG to define
an optional public key hash in HTTP URIs. If a link contains such a
hash of the public key of the target this would protect against
attacks from a root-certificate holding man in the middle. It wouldn't
be a full move to a web of trust nor a replacement of the uri-scheme
as with the httpsy proposal just an optional additional security that
works alongside as well as without the PKI provided trust.

Cheers,
Reto

Received on Monday, 15 July 2013 16:19:48 UTC