
Re: TLS at transport level vs stream multiplexing and aggregation (http "routers")

From: James M Snell <jasnell@gmail.com>
Date: Sun, 17 Nov 2013 15:23:56 -0800
Message-ID: <CABP7Rbf0F0UvyNwe4o64zaYn57uSgVNQpJq=ffx1U2rniGjpAw@mail.gmail.com>
To: Roberto Peon <grmocg@gmail.com>
Cc: Adrien de Croy <adrien@qbik.com>, Mike Belshe <mike@belshe.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, Willy Tarreau <w@1wt.eu>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

It's definitely worth exploring more.  I've done some experimentation with
it as well.  There are a host of issues that jump out immediately but the
overall concept of http2 stream level encryption is theoretically sound.
On Nov 17, 2013 3:08 PM, "Roberto Peon" <grmocg@gmail.com> wrote:

> There are interesting security implications of interlacing unencrypted and
> encrypted data which I'm fairly sure have not at all been
> analyzed/experimented with.
> This was one of the reasons why we originally thought about, but did not
> implement, encryption as an upper, rather than lower layer.
> WS does do masking, but that is a fair bit less involved than TLS, which
> requires bidirectional communication and is more involved.
> Again, I think it is an interesting thing to experiment with, and think
> that it will absolutely require lots of analysis and experience...
> -=R
> On Sun, Nov 17, 2013 at 2:56 PM, Willy Tarreau <w@1wt.eu> wrote:
>> On Sun, Nov 17, 2013 at 02:30:03PM -0800, Roberto Peon wrote:
>> > Sounds like an interesting experiment (as Mike already said, we
>> > considered this way back when).
>> yes, and it's already more or less what's done with WebSocket if my
>> memory serves me right, as the masking is per message and I believe
>> per channel when mux is used.
>> I would personally like to see encryption used only on what *needs*
>> to be encrypted so that "routing" HTTP doesn't require decrypting
>> for most standard cases. We're not there yet...
>> Willy
Received on Sunday, 17 November 2013 23:24:23 UTC
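As an added illustration, not part of the thread above, Roberto's and Willy's comparison of WebSocket masking with TLS can be made concrete: RFC 6455 masking is a per-frame XOR with a 4-byte key that travels inside the frame, so any on-path observer can undo it. It exists to stop client-controlled bytes from looking like HTTP to intermediaries, not to provide confidentiality, which is why it is so much lighter than a real stream-level encryption scheme would have to be. Frame layout below is simplified to payloads under 126 bytes.

```python
import os


def new_masking_key() -> bytes:
    """A client must pick a fresh, unpredictable 4-byte key for every frame (RFC 6455 5.3)."""
    return os.urandom(4)


def mask_payload(payload: bytes, masking_key: bytes) -> bytes:
    """XOR each payload byte with the key, cycling every 4 bytes.

    XOR is its own inverse, so the same function both masks and unmasks.
    """
    if len(masking_key) != 4:
        raise ValueError("masking key must be exactly 4 bytes")
    return bytes(b ^ masking_key[i % 4] for i, b in enumerate(payload))


def build_masked_text_frame(payload: bytes, masking_key: bytes) -> bytes:
    """Build one client-to-server text frame: FIN + opcode, MASK bit + length, key, masked data.

    Only the short length form (< 126 bytes) is handled in this example.
    """
    if len(payload) >= 126:
        raise ValueError("this example only handles payloads under 126 bytes")
    header = bytes([0x81, 0x80 | len(payload)])  # 0x81 = FIN | text opcode; 0x80 = MASK bit
    return header + masking_key + mask_payload(payload, masking_key)


def recover_payload_from_wire(frame: bytes) -> bytes:
    """What any observer of the wire can do: read the key from the frame and unmask.

    This is the whole point of the comparison: masking hides nothing from a
    middlebox, it only changes the bytes so they cannot be mistaken for HTTP.
    """
    if not frame[1] & 0x80:
        raise ValueError("frame is not masked; server-to-client frames never are")
    length = frame[1] & 0x7F
    masking_key = frame[2:6]
    return mask_payload(frame[6:6 + length], masking_key)


def same_payload_differs_on_wire(payload: bytes) -> bool:
    """Per-frame keys mean identical payloads produce different wire bytes each time."""
    first = build_masked_text_frame(payload, new_masking_key())
    second = build_masked_text_frame(payload, new_masking_key())
    return first[6:] != second[6:]
```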

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:20 UTC