W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Question regarding perfect forward secrecy in http 2.0

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sat, 03 Aug 2013 11:42:38 +1200
Message-ID: <51FC43EE.60505@treenet.co.nz>
To: ietf-http-wg@w3.org
On 3/08/2013 10:56 a.m., David Morris wrote:
> No No No ... unless there is a viable spec for intermediaries which
> can be known to the user and provide services.
> It isn't our role as the IETF to take what I believe is a political
> position by insisting all traffic be encrypted. Nor is it our role
> to insist on the additional deployement expense related to providing
> full encryption as the cost of entry.

   The WG charter had a key requirement to make HTTP/2 operate over the 
same infrastructure used for HTTP/1. That necessarily means HTTP/2 needs 
to be an open protocol which can be delivered over both secured (TLS) 
and non-secured (TCP) mediums.
  * TLS provides the requirements for perfect forward secrecy *if* used 
that way.
  * The application-layer transactions and payloads being delivered are 
free to contain any additional security required beyond what TLS offers 
(ie DRM-like encryption features on the payload).

The existing HTTP/1 infrastructure already provides perfect forward 
secrecy in the same ways. The problem is just that almost nobody is 
using it, and those who are often choose partial secrecy over perfect.


> On Fri, 2 Aug 2013, Carsten Kr?ger wrote:
>> Hello,
>> first of all sorry for not knowing what happend before in discussion
>> of http 2.0.
>> Is it still possible to change the http 2.0 draft in a way that
>> all traffic is encrypted?
>> I'd like to suggest perfect forward secrecy encryption even if proper
>> authentication is not possible or wished.
>> http2:// is ALWAYS pfs encrytped
>> https2:// is ALWAYS pfs encrytped and server authenticated
>> pfs encryption should be not an option but the default for everyone
>> that uses http2.
>> At present time (PRISM, tempora etc.) it should be the goal to prevent
>> passive sniffing of traffic.
>> greetings
>> Carsten
Received on Friday, 2 August 2013 23:43:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC