Re: Getting our definitions of encryption straight for the HTTP/2 security discussion from Martin Thomson on 2013-11-21 (ietf-http-wg@w3.org from October to December 2013)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 20 Nov 2013 19:58:55 -0800
To: Paul Hoffman <paul.hoffman@gmail.com>
Cc: Mark Nottingham <mnot@mnot.net>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CABkgnnWpDk2Di5924mrnPLYzmguVmJL3fRjn=5h0_5uYQs3gKw@mail.gmail.com>

On 20 November 2013 17:12, Paul Hoffman <paul.hoffman@gmail.com> wrote:
>
> No. Better-than-nothing is an end-state: definitely unauthenticated.
> Best-effort is a process: try for server-encrypted but fall back to
> better-than-nothing if that isn't possible. If there is a good way to
> indicate that the first two definitions are end states, but the latter two
> are processes, that would be great.

That seems like an important distinction.  If you want to try writing
text up to address those points (process v. end state), I'm sure we
can get that up on the wiki.

Received on Thursday, 21 November 2013 03:59:24 UTC