W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Fwd: New Version Notification for draft-nottingham-http2-encryption-02.txt

From: Adrien de Croy <adrien@qbik.com>
Date: Thu, 12 Dec 2013 20:38:45 +0000
To: William Chan (陈智昌) <willchan@chromium.org>
Cc: "Patrick McManus" <mcmanus@ducksong.com>, "Martin Thomson" <martin.thomson@gmail.com>, "Mark Nottingham" <mnot@mnot.net>, "HTTP Working Group" <ietf-http-wg@w3.org>
Message-Id: <em8ee426c4-4d11-4310-86af-6eeefcfaecfd@bodybag>

------ Original Message ------
From: "William Chan (陈智昌)" <willchan@chromium.org>
To: "Adrien de Croy" <adrien@qbik.com>
Cc: "Patrick McManus" <mcmanus@ducksong.com>; "Martin Thomson" 
<martin.thomson@gmail.com>; "Mark Nottingham" <mnot@mnot.net>; "HTTP 
Working Group" <ietf-http-wg@w3.org>
Sent: 13/12/2013 09:28:06
Subject: Re: Fwd: New Version Notification for 
>On Thu, Dec 12, 2013 at 12:21 PM, Adrien de Croy <adrien@qbik.com> 
>>  Maybe the problem is us.
>>  e.g. that we think the level of https adoption is a problem to be 
>>  personally I do not.
>I understand and disagree with your position on HTTPS adoption. I
>mostly brought it up in comparison to opportunistic encryption. IIUC,
>you also disagree with opportunistic encryption as well.

Actually no I don't, STLS/STARTTLS work great in POP3/IMAP/SMTP.

People get to retain choice whether it is used and/or offered.

>>  What if it simply reflects the desires of the people who own and run 
>>  sites. Exercising their choice.
>>  We are proposing (yet again) taking that choice away which I have a 
>>  problem with. It's a philosophical problem, I don't believe any of us 
>>  the right to make those choices for everyone else, especially 
>>  (which few seem to be) the ENORMOUS cost.
>I believe you are incorrect in your understanding of the proposal.
>This particular draft proposal is about offering a mechanism for
>opportunistic encryption. It's a mechanism, and once again up to the
>site author's choice. Let me know if I misunderstood you.
ok, I thought you were proposing that opportunistic encryption was 
something Chromium wouldn't get, because you didn't want to offer any 
alternative path to full authenticated TLS.


>>  Adrien
>>  ------ Original Message ------
>>  From: "William Chan (陈智昌)" <willchan@chromium.org>
>>  To: "Patrick McManus" <mcmanus@ducksong.com>
>>  Cc: "Martin Thomson" <martin.thomson@gmail.com>; "Mark Nottingham"
>>  <mnot@mnot.net>; "HTTP Working Group" <ietf-http-wg@w3.org>
>>  Sent: 13/12/2013 09:05:07
>>  Subject: Re: Fwd: New Version Notification for
>>  draft-nottingham-http2-encryption-02.txt
>>>  Me speaking as a Chromium project representative here:
>>>  We talked about this internally amongst Chromium project members, 
>>>  the *current consensus* opinion is that Chromium does not support
>>>  opportunistic encryption, nor would we implement it were such a
>>>  mechanism standardized (I'm assuming no one's proposing mandatory to
>>>  implement...the draft does not appear to do so). We want to push
>>>  people toward adopting HTTPS, not the middle ground of opportunistic
>>>  encryption. You can see some opinions from other project members
>>>  (https://twitter.com/sleevi_/status/410092604613611520,
>>>  https://twitter.com/justinschuh/status/410104482622472192,
>>>  https://twitter.com/sleevi_/status/410093372116709376).
>>>  OK, back to me talking as me, just another IETF individual:
>>>  I respect the goals behind opportunistic encryption, but it is
>>>  *unclear* to me if it is actually a net positive. There are 
>>>  a lot of things to like about it which I think have already been
>>>  covered. But I'm concerned that the risk of hurting HTTPS adoption 
>>>  real and significant. I don't have hard data to back this up. But 
>>>  looking at the numerous complaints about browser warnings for
>>>  self-signed certs
>>>  (http://robert.accettura.com/blog/2008/07/19/unobstructed-https/,
>>>  etc) is indicative that site developers perceive a lot of benefit 
>>>  encryption without authentication. I am not convinced site 
>>>  sufficiently understand the importance of authentication, and I 
>>>  that offering a middle ground of unauthenticated encryption will 
>>>  them an out to not go full HTTPS.
>>>  I think that the main problem we'd like to address is that HTTPS
>>>  adoption sucks. I join others in saying we should focus our energies
>>>  on solving that problem
>>>  (https://twitter.com/BRIAN_____/status/410181992085336064), rather
>>>  than working on proposals where the net result is unclear to be
>>>  beneficial or detrimental.
>>>  Cheers.
>>>  On Thu, Dec 12, 2013 at 10:03 AM, Patrick McManus 
>>>  wrote:
>>>>   I am slowing coming to a similar position on http2-encryption that
>>>>  Martin
>>>>   expresses in the quote trail.
>>>>   Doing the relaxed semantic is imo probably a net-positive. I'm not
>>>>  entirely
>>>>   convinced but I'm not sure anything other than time and 
>>>>   experience could make it more clear. (anyone interested in a poc 
>>>>  let
>>>>   me know.)
>>>>   I also don't see a need to use a different *PN token for it than 
>>>>  would
>>>>   for normal https. Any advertisement for relaxed (e.g. via alt-svc) 
>>>>  scoped
>>>>   to the origin (and therefore scheme) and http/2 itself carries a 
>>>>  on
>>>>   every transaction so the server isn't gaining any new information 
>>>>  putting
>>>>   a relaxed token in the handshake. Brian, over in TLS WG, and 
>>>>Martin have
>>>>   made different arguments why using 2 identifiers could be a net 
>>>>loss to
>>>>   security and I don't see anyone arguing its necessity.
>>>>   On Thu, Dec 12, 2013 at 12:31 AM, Martin Thomson
>>>>  <martin.thomson@gmail.com>
>>>>   wrote:
>>>>>   Overall, I think that the relaxed semantic proposed here is a 
>>>>>   approach to getting more goodness into our protocol. Goodness 
>>>>>being, in
>>>>>  this
>>>>>   instance, better resilience against passive attacks, as well as 
>>>>>   avenues to some forms of active attack mitigation.
>>>>>   Re C.4:
>>>>>   I haven't seen strong justification for the "h2r" identifier. On 
>>>>>   contrary, I see potential for harm in it. I'm worried that this 
>>>>>  create
>>>>>   more confusion about the security properties of the protocol.
>>>>>   The idea that "h2r" might be used as some form of signal is 
>>>>>   devoid of value unless you believe that http: URIs will somehow 
>>>>>need to
>>>>>  be
>>>>>   retrieved with the same level of confidentiality and 
>>>>>authentication as
>>>>>   https: ones. I just don't see a server that cares about this 
>>>>>  the "s"
>>>>>   off.
>>>>>   I believe it to be sufficient for the client to just use TLS. Any
>>>>>   decisions about authentication are largely up to the client. The 
>>>>>   would have to assume that http: URIs aren't going through 
>>>>>  checks,
>>>>>   though that doesn't mean that checking is completely precluded. I 
>>>>>   imagine not checking in the classic CA chaining sense, but maybe
>>>>>  CT-like
>>>>>   mechanisms could be useful in reducing the incidences of some 
>>>>>types of
>>>>>   active attacks. Especially if we are able to provide sufficient
>>>>>  incentive
>>>>>   for proxies to come out from cover of darkness (actually, that 
>>>>>may be a
>>>>>   necessary precondition for some really strong improvements).
>>>>>   Creating disincentives around the use of "better" modes is - 
>>>>>aside from
>>>>>   just being perverse - ultimately going to be self-defeating. As 
>>>>>long as
>>>>>  the
>>>>>   downgrade path includes HTTP/1.1 in the clear, an active attack 
>>>>>  going to
>>>>>   be trivial to mount without some other facilities in place.
>>>>>   I think that a "relaxed" mode is a good incremental improvement. 
>>>>>  it
>>>>>   will be a leg up on those facilities.
>>>>>   On Dec 10, 2013 8:21 PM, "Mark Nottingham" <mnot@mnot.net> wrote:
>>>>>>   FYI.
>>>>>>   Begin forwarded message:
>>>>>>   > From: internet-drafts@ietf.org
>>>>>>   > Subject: New Version Notification for
>>>>>>   > draft-nottingham-http2-encryption-02.txt
>>>>>>   > Date: 11 December 2013 3:18:55 pm AEDT
>>>>>>   > To: Mark Nottingham <mnot@mnot.net>
>>>>>>   >
>>>>>>   >
>>>>>>   > A new version of I-D, draft-nottingham-http2-encryption-02.txt
>>>>>>   > has been successfully submitted by Mark Nottingham and posted 
>>>>>>to the
>>>>>>   > IETF repository.
>>>>>>   >
>>>>>>   > Filename: draft-nottingham-http2-encryption
>>>>>>   > Revision: 02
>>>>>>   > Title: Opportunistic Encryption for HTTP URIs
>>>>>>   > Creation date: 2013-12-11
>>>>>>   > Group: Individual Submission
>>>>>>   > Number of pages: 10
>>>>>>   > URL:
>>>>>>   >
>>>>>>   > Status:
>>>>>>   > 
>>>>>>   > Htmlized:
>>>>>>   > 
>>>>>>   > Diff:
>>>>>>   >
>>>>>>   >
>>>>>>   > Abstract:
>>>>>>   > This document proposes two changes to HTTP/2.0; first, it 
>>>>>>   > using ALPN Protocol Identifies to identify the specific stack 
>>>>>>   > protocols in use, including TLS, and second, it proposes a way 
>>>>>>   > opportunistically encrypt HTTP/2.0 using TLS for HTTP URIs.
>>>>>>   >
>>>>>>   >
>>>>>>   >
>>>>>>   >
>>>>>>   > Please note that it may take a couple of minutes from the time 
>>>>>>   > submission
>>>>>>   > until the htmlized version and diff are available at 
>>>>>>   >
>>>>>>   > The IETF Secretariat
>>>>>>   >
>>>>>>   --
>>>>>>   Mark Nottingham http://www.mnot.net/
Received on Thursday, 12 December 2013 20:38:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:21 UTC