Re: Proposal for doing unauthenticated encryption inside of HTTP/2

On 3 December 2013 09:32, Paul Hoffman <> wrote:
> Because the goal is to "encrypt more", and there is disagreement about what
> "more" means. The WG seemed more wedged on how to encrypt than what to
> encrypt. I trust the WG to resolve the latter if they figure out the former.

You are far more trusting than I :)

The reason I asked this question was not because I wanted you to stick
your neck out that much further.  I really wanted to get some of the
more difficult questions answered with respect to how the keying
material was applied.  Sequence numbers, IVs, all that sort of muck.
Maybe that's just an inherent aversion to hand-waving over the

>> Why did you choose to invent a new security protocol and not repurpose
>> something like DTLS?
> DTLS assumes a transport layer after the negotiation is done. DTLS takes
> many more round trips. DTLS has the concept of authenticating the server
> mostly built-in. If the WG wants DTLS, I would strongly suggest using TLS
> instead.

Yes, that's the unasked question.  What's wrong with TLS exactly?

> And, this isn't inventing a new protocol: it is instantiating what is known
> to be the minimum needed to get an encryption key.

You seem to have a very different definition of "protocol" and "new"
to me.  Not important.

Received on Tuesday, 3 December 2013 17:45:18 UTC