Re: Proposal for doing unauthenticated encryption inside of HTTP/2

On Wed, Dec 4, 2013 at 9:22 AM, James M Snell <> wrote:

> I
> firmly believe that we cannot adequately address the passive
> surveillance issue using this form of unauthenticated encryption.

Please say more about this firm belief. This affects both Mark's
redirection proposal and mine. I have never heard how unauthenticated
encryption can be broken by a passive watcher, but if you have references
to such attacks, they would be very useful here.

Received on Wednesday, 4 December 2013 17:56:53 UTC