- From: Paul Hoffman <paul.hoffman@gmail.com>
- Date: Tue, 3 Dec 2013 09:32:37 -0800
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- Message-ID: <CAPik8yaMWxCoYCzcSW8Fq3oC1+=2WdpdpXdPTOwmVWd70iYuzQ@mail.gmail.com>
On Tue, Dec 3, 2013 at 9:11 AM, Martin Thomson <martin.thomson@gmail.com>wrote: > On 3 December 2013 07:24, Paul Hoffman <paul.hoffman@gmail.com> wrote: > > draft-hoffman-httpbis-minimal-unauth-enc > > I have a lot of questions, but here's a few to start with: > > Why headers and not frames? > - Could be headers or frames, as long as it is some place that is in the control plane. That's for the grizzled HTTP/2 experts (as in, not me) to pick. > > Why did you choose to submit a draft that doesn't tackle the key > question of what is being encrypted? > Because the goal is to "encrypt more", and there is disagreement about what "more" means. The WG seemed more wedged on how to encrypt than what to encrypt. I trust the WG to resolve the latter if they figure out the former. > Why did you choose to invent a new security protocol and not repurpose > something like DTLS? > DTLS assumes a transport layer after the negotiation is done. DTLS takes many more round trips. DTLS has the concept of authenticating the server mostly built-in. If the WG wants DTLS, I would strongly suggest using TLS instead. And, this isn't inventing a new protocol: it is instantiating what is known to be the minimum needed to get an encryption key. "Here is some key material and a description of it; yes, that's fine, and here we go" or "Here is some key material and a description of it; no, I'd rather use this algorithm so here is my initial keying material; yes, that's fine, and here we go" plus rejection messages. This is sufficient for borking passive surveillance but not active attacks. --Paul Hoffman
Received on Tuesday, 3 December 2013 17:33:04 UTC