W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: How HTTP 2.0 mandatory security will actually reduce my personal security

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Fri, 15 Nov 2013 17:24:29 +0000
Message-ID: <528658CD.70508@cs.tcd.ie>
To: Roberto Peon <grmocg@gmail.com>, Michael Sweet <msweet@apple.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>, Bruce Perens <bruce@perens.com>


On 11/15/2013 05:18 PM, Roberto Peon wrote:
> and even
> submitted and contributed to a couple of drafts on the topic.

I don't know if you mean a TLS MITM proposal or something

In the former case, please accompany any such proposal with
an analysis of the set of 176 RFCs [1] that reference 5246
and the 91 that refer to 4246 [2] and the 167 that refer to
2246 [3] to demonstrate that MITM'ing all of those is a good
and safe plan. And of course that ignores the non-IETF things
that might use TLS, which I'm sure is some medium sized
chunk of the 1573 [4] references that google scholar throws

Thanks, (or rather, "No, thanks"),

[1] http://www.arkko.com/tools/allstats/citations-rfc5246.html
[2] http://www.arkko.com/tools/allstats/citations-rfc4346.html
[3] http://www.arkko.com/tools/allstats/citations-rfc2246.html
Received on Friday, 15 November 2013 17:24:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:19 UTC