Re: How HTTP 2.0 mandatory security will actually reduce my personal security from Mark Nottingham on 2013-11-15 (ietf-http-wg@w3.org from October to December 2013)

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 15 Nov 2013 16:11:16 +0800
To: Tim Bray <tbray@textuality.com>
Cc: Roberto Peon <grmocg@gmail.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, Bruce Perens <bruce@perens.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <272CA0E0-91AA-4EBB-964B-204BC1C1FEDC@mnot.net>

And that’s reflected in the issues list:
  https://github.com/http2/http2-spec/issues/315

It’s on hold because we don’t yet have any implementer interest in it; if that changes, we’ll talk about it again. Informally, folks have said that they want to see how the HTTPS approach worked out first.


On 15 Nov 2013, at 3:36 pm, Tim Bray <tbray@textuality.com> wrote:

> No objection, but in Vancouver, there seemed to be quite a few voices saying that trying for opportunistic encryption, even of http:-scheme connections, was a good idea if technically achievable. I’d certainly be in favor. 
> 
> 
> On Thu, Nov 14, 2013 at 11:32 PM, Roberto Peon <grmocg@gmail.com> wrote:
> For 1,2: How is this not orthogonal to the rest of the discussion?
> For 3: I'm assuming you mean because the data is encrypted. You can MITM this.
> 
> Just to be sure we're all on the same page here (because it seems that we're not):.
>   As I understand it, the proposal is:
>     For web activity on the "open internet", if the scheme is https, attempt to use http/2 over an encrypted, authenticated channel.
>     For web activity on the "open internet", if the scheme is http, use http/1 over an unencrypted, plaintext channel.
>     For activity on a private network: use any combination of {authenticated, unauthenticated}{encrypted, unencrypted}{http2,http1} you desire.
>  
> Is there an objection to this?
> -=R
> 
> 
> On Thu, Nov 14, 2013 at 11:16 PM, Nicolas Mailhot <nicolas.mailhot@laposte.net> wrote:
> 
> Le Ven 15 novembre 2013 07:57, Roberto Peon a écrit :
> > What is your threat model?
> 
> The threat model is
> 1. developer that makes information leak trough incompetence, laziness,
> sloppiness or greed (cf all the info your average android app wants to
> access)
> 2. attacker that does not need to penetrate target anymore can just
> collect the leaked info at endpoints (see also: Snowden)
> 3. protocol that prevents anyone doing anything about it by default
> 
> --
> Nicolas Mailhot
> 
> 
> 

--
Mark Nottingham   http://www.mnot.net/

Received on Friday, 15 November 2013 08:11:45 UTC