Re: Proposal for doing unauthenticated encryption inside of HTTP/2

If you don't care about my particular use cases, that is fine, but
please understand that any criticism is meant to be constructive. I
firmly believe that we cannot adequately address the passive
surveillance issue using this form of unauthenticated encryption. I'm
all for experimentation in this area and throwing around new ideas,
but I'm definitely not convinced that your draft meets the mark as it
currently sits.

On Wed, Dec 4, 2013 at 9:12 AM, Paul Hoffman <> wrote:
> Just to be clear, this draft is aimed at the use case that the WG seems to
> be interested in (thwarting passive surveillance), not the one you seem to
> be wanting it to point to. If you want to pursue yours, that's fine I guess,
> but please don't disparage mine for meeting what seems to be the one the WG
> wants.

Received on Wednesday, 4 December 2013 17:23:14 UTC