- From: Paul Hoffman <paul.hoffman@gmail.com>
- Date: Tue, 3 Dec 2013 20:18:42 -0800
- To: James M Snell <jasnell@gmail.com>
- Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Received on Wednesday, 4 December 2013 04:19:09 UTC
On Tue, Dec 3, 2013 at 8:03 PM, James M Snell <jasnell@gmail.com> wrote: > 1. So far this appears only to sketch out a rough key derivation > strategy... it doesn't really say, however, *what* parts of the > message are being encrypted. DATA frame payloads only? HEADERS frame > payloads? What about PUSH_PROMISE? Extension frames? These will all > need to be addressed at some point. > Yes. > 2. Who exactly is S1? S1 is not a "who", it is a message. C1 is the first message from the client to the server, S1 is the first message from the server to the client. > What is the relationship between S1 and Origin? > How does C1 know who it is communicating with? C1 doesn't: that's the whole point of "unauthenticated". If I can make that any more clear in the document, please let me know how. > Is the negotiation > hop-by-hop or end-to-end? It is for a single HTTP/2 connection between a client and a server. > Can there be multiple keys derived and used > within a single HTTP/2 connection? > The current draft assumes a single set of keys. There is no need for more if the purpose is to thwart surveillance. Having multiple keys possible seems like a feature without a problem behind it. --Paul Hoffman
Received on Wednesday, 4 December 2013 04:19:09 UTC