W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Question regarding perfect forward secrecy in http 2.0

From: Carsten Krüger <c.krueger@gmx.org>
Date: Fri, 2 Aug 2013 18:30:41 +0200
Message-ID: <202306844.20130802183041@gmxpro.de>
To: ietf-http-wg@w3.org

first of all sorry for not knowing what happend before in discussion
of http 2.0.

Is it still possible to change the http 2.0 draft in a way that
all traffic is encrypted?
I'd like to suggest perfect forward secrecy encryption even if proper
authentication is not possible or wished.

http2:// is ALWAYS pfs encrytped
https2:// is ALWAYS pfs encrytped and server authenticated

pfs encryption should be not an option but the default for everyone
that uses http2.

At present time (PRISM, tempora etc.) it should be the goal to prevent
passive sniffing of traffic.

Received on Friday, 2 August 2013 16:31:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC