W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Question regarding perfect forward secrecy in http 2.0

From: David Morris <dwm@xpasc.com>
Date: Fri, 2 Aug 2013 15:56:42 -0700 (PDT)
To: "'HTTP Working Group'" <ietf-http-wg@w3.org>
Message-ID: <alpine.LRH.2.01.1308021553080.24437@egate.xpasc.com>

No No No ... unless there is a viable spec for intermediaries which
can be known to the user and provide services.

It isn't our role as the IETF to take what I believe is a political
position by insisting all traffic be encrypted. Nor is it our role
to insist on the additional deployement expense related to providing
full encryption as the cost of entry.

On Fri, 2 Aug 2013, Carsten Kr?ger wrote:

> Hello,
> 
> first of all sorry for not knowing what happend before in discussion
> of http 2.0.
> 
> Is it still possible to change the http 2.0 draft in a way that
> all traffic is encrypted?
> I'd like to suggest perfect forward secrecy encryption even if proper
> authentication is not possible or wished.
> 
> http2:// is ALWAYS pfs encrytped
> https2:// is ALWAYS pfs encrytped and server authenticated
> 
> pfs encryption should be not an option but the default for everyone
> that uses http2.
> 
> At present time (PRISM, tempora etc.) it should be the goal to prevent
> passive sniffing of traffic.
> 
> greetings
> Carsten
> 
> 
Received on Friday, 2 August 2013 22:57:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC