Re: Proposal for doing unauthenticated encryption inside of HTTP/2 from Martin Thomson on 2013-12-03 (ietf-http-wg@w3.org from October to December 2013)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 3 Dec 2013 09:11:20 -0800
To: Paul Hoffman <paul.hoffman@gmail.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <CABkgnnWBTFy+2kbb_vE+PQqsDBA+ERYcrDYHpmhjEc86wK0D+A@mail.gmail.com>

On 3 December 2013 07:24, Paul Hoffman <paul.hoffman@gmail.com> wrote:
> draft-hoffman-httpbis-minimal-unauth-enc

I have a lot of questions, but here's a few to start with:

Why headers and not frames?

Why did you choose to submit a draft that doesn't tackle the key
question of what is being encrypted?

Why did you choose to invent a new security protocol and not repurpose
something like DTLS?

Received on Tuesday, 3 December 2013 17:11:48 UTC