W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Getting our definitions of encryption straight for the HTTP/2 security discussion

From: Michael Sweet <msweet@apple.com>
Date: Wed, 20 Nov 2013 18:02:59 -0500
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-id: <28CE2112-8B69-4084-82FE-7F13C05BD01C@apple.com>
To: Paul Hoffman <paul.hoffman@gmail.com>
My only comment is that current HTTP/1.1 supports opportunistic encryption via RFC 2817 (HTTP Upgrade to TLS).  Both the client and server can initiate an upgrade.

On Nov 20, 2013, at 4:24 PM, Paul Hoffman <paul.hoffman@gmail.com> wrote:

> Greetings again. Over the past weeks, people are sometimes talking past each other when they say they want to "always encrypt" HTTP/2 traffic. In specific, many people have used the term "opportunistic encryption" in very different ways without knowing it.
> To help people at least understand what each other might be saying in the future, I created a page with some definitions that hopefully everyone can use. Comments are welcome.
> http://trac.tools.ietf.org/wg/httpbis/trac/wiki/encryption-definitons
> --Paul Hoffman

Michael Sweet, Senior Printing System Engineer, PWG Chair

Received on Wednesday, 20 November 2013 23:03:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:20 UTC