- From: 陈智昌 <willchan@google.com>
- Date: Sun, 25 Aug 2013 23:29:38 +0800
- To: Eliot Lear <lear@cisco.com>
- Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>, Roberto Peon <grmocg@gmail.com>, Yoav Nir <ynir@checkpoint.com>
- Message-ID: <CAA4WUYiPPqzNcLwZf2GP1QRGWi0Y-4CuMyQdk4ZS=gD76q3gRQ@mail.gmail.com>
On Aug 25, 2013 5:02 PM, "Eliot Lear" <lear@cisco.com> wrote: > > I'm answering a few messages at once, starting with Will's & Roberto's, and then going on to Yoav's, > > Will, you asked: > >> Eliot, can you clarify what section of the minutes you're responding to? > > > Yes. Starting with: >> >> SPDY introduced Madatory [sic] to Use Security; this was >> discussed for HTTP2.0; the working group declined, because of use cases like >> back end services. > > > Certainly home services can't be considered "backend" and most enterprises uses could only be considered "backend" with the broadest use of the term. In short, there were many reasons why the group came to the decision it came to. And then moving on, Mark said: OK I see. Sure, we can discuss previously decided matters on mandatory to use security, but I'm not very interested. I'm at this moment more interested in the discussion around mandatory to offer encryption. If people are interested in clarifying the reasons they disagreed with mandatory to use security, go ahead and I'll stay out of the way. > >> Mark says "mandatory to offer" is closer to what he said. > > > Which is in effect mandating of encryption. After all, how can the server offer it if it doesn't support it or if a proper certificate isn't configured. And the complexity issue arises as well. The 2nd hum as stated in the minutes was a vague question, as I wasn't in the room at that precise moment, that's what I'm going by. If your point is mandatory to offer encryption => mandatory to use encryption, then I am happy to discuss this. There's a key distinction that may be getting lost here. Yes, the proposal is that it is mandatory for the server to implement and offer encryption. But it's not mandatory for a client to choose to use encrypted HTTP/2. Another key distinction is encryption does not require authentication, so a proper cert is not mandatory. I'm surprised you mention requiring a proper cert given that you clearly understand a proper cert isn't necessary, given your reply to Yoav below. I think it's worthwhile to discuss the asserted benefit, but any statement about the current proposal requiring proper certificates sounds factually incorrect as far as I can tell. Did I miss something here? > > Yoav, you wrote: > > > On 8/25/13 9:33 AM, Yoav Nir wrote: >> >> Hi Eliot. >> >> Your message implies that the choice is between cleartext HTTP and an annual fee to a certificate vendor. > > > Yes. Maybe really large enterprises have their own CA or even PCA, but the cost still has to be paid for that. > >> >> >> IETF standards provide at least two other options: >> >> DANE allows you to use a self-issued certificate and register the key in the DNS. This is not implemented in the many thousands of small devices that you mention, or in any browser, but then neither is HTTP/2. > > > I agree with you, except for your last assertion - http2 is being implemented in several browsers. I think it would great if those who hummed for this discussion exerted some effort to support DNSSEC and then DANE. > > >> There is a deployment issue in that publishing a random RR is a non-trivial process. For example, [1] makes no mention of how to generate TLSA records, and GoDaddy (largest registrar in the world) has nothing about it in their support. But all that could change. > > > The principal issue with DANE is its dependency on DNSSEC. As nearly large an issue is the publication of different RRs. That is a big deal (see the IETF main list and the discussion of SPF), but probably not appropriate here. > > >> >> >> TLS as anonymous ciphersuites that do not require a certificate at all. True, these ciphersuites do not protect against on-path attacks, but they do stop passive listeners, and there is some value in that. Not enough to call it "HTTPS", but it is better than nothing. And the application can still use some channel binding to discover the MitM, such as Trevor's Smart Cookie proposal where the cookie (which is a secret shared by client and server) is bound to the current master secret ([3]). Even without this, defeating passive listeners is a worthy goal. > > > Yes, but I would be concerned about the benefit being overstated. I say this because the reason the chair revisited the discussion is as follows: > >> There is new information; there are widespread deployments of sniffers. More >> details have since been released. As Chair, Mark felt that this was enough to >> re-open the discussion. > > > Anonymous cypher suites might well have changed the character of this problem, but probably not have reduced it, and may have introduced unintended consequences. They still may help with the so-called "Starbucks" problem, but to me that problem is better dealt with at a lower layer so that ALL communications on that network can be protected. I also believe that the underlying issues of the above quoted statement lie elsewhere (about 3 to 4 layers above HTTP). Again, let's tease out the threat. > > Eliot
Received on Sunday, 25 August 2013 15:30:06 UTC