W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: Mandatory encryption *is* theater

From: Michael Sweet <msweet@apple.com>
Date: Sun, 25 Aug 2013 23:52:38 -0400
Cc: Salvatore Loreto <salvatore.loreto@ericsson.com>, ietf-http-wg@w3.org
Message-id: <35B29715-0DFF-4502-AC66-093CFF900256@apple.com>
To: Willy Tarreau <w@1wt.eu>
This was already done: RFC 2817

(and FWIW this is fairly widely implemented for printing - CUPS has supported it for a very long time and many printers support it today)

On 2013-08-25, at 3:25 AM, Willy Tarreau <w@1wt.eu> wrote:

> On Sun, Aug 25, 2013 at 09:10:16AM +0200, Salvatore Loreto wrote:
>> I don't think we were questioning the possibility to speak between 
>> client and server
>> without any encryption if both parties agree to speak in clear (i.e. TLS 
>> is not mandatory to use)
>> The hum, at least how I understood it, was only in favor to investigate 
>> a way to provide
>> from one side equal power to the client:
>> i.e. to provide to the client the possibility to require/negotiate the 
>> use of encryption;
>> and from the other side provide to the client the possibility to 
>> discovery the interposition
>> and then eventually interact with that proxy in between.
> OK, basically a user-chosen STARTTLS that the server can refuse, then
> the user decides what to do. It could make sense if everyone in the
> chain implements support for at least the clear mode. At least that's
> my understanding.
> Willy

Michael Sweet, Senior Printing System Engineer, PWG Chair
Received on Monday, 26 August 2013 03:53:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC