Re: Proposal for doing unauthenticated encryption inside of HTTP/2

From: Paul Hoffman <paul.hoffman@gmail.com>
Date: Wed, 4 Dec 2013 09:56:26 -0800
Message-ID: <CAPik8yaLYqxGZit_XwGEH_bgn30RaX5SXG_Wvmrc6JieyOsrmg@mail.gmail.com>
To: James M Snell <jasnell@gmail.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

On Wed, Dec 4, 2013 at 9:22 AM, James M Snell <jasnell@gmail.com> wrote:

> I firmly believe that we cannot adequately address the passive
> surveillance issue using this form of unauthenticated encryption.

Please say more about this firm belief. This affects both Mark's
redirection proposal and mine. I have never heard how unauthenticated
encryption can be broken by a passive watcher, but if you have references
to such attacks, they would be very useful here.

Received on Wednesday, 4 December 2013 17:56:53 UTC