W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Trusted proxy UI strawman

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Fri, 20 Jun 2014 13:37:56 +0100
Message-ID: <53A42B24.6020109@cs.tcd.ie>
To: "Richard Wheeldon (rwheeldo)" <rwheeldo@cisco.com>, Jason Greene <jason.greene@redhat.com>, Martin Thomson <martin.thomson@gmail.com>
CC: Barry Leiba <barryleiba@computer.org>, Peter Lepeska <bizzbyster@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>


On 20/06/14 01:52, Richard Wheeldon (rwheeldo) wrote:
> From: Jason Greene [mailto:jason.greene@redhat.com]
>> IMO this topic points at a general need for the web to have finer
>> grained encryption.
> 
> Yup. Couldn't agree more. I don't care if the NSA knows I'm pulling
> down the Google logo - it's not interesting to me or them.

I don't think that last bit is correct. [1] I've no idea
if that cookie is sent for the logo though, but I'd be
surprised if they were not interested.

> I see an opportunity with the framing work in HTTP/2 to introduce
> crypto at the frame / stream layer. I think it'll be a long road
> though,

It probably would be a long road. Selective field confidentiality
is also hard to do well without lots of complexity.

S.

[1]
http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/nsa-uses-google-cookies-to-pinpoint-targets-for-hacking/

> 
> Richard
> 
> 
> 
Received on Friday, 20 June 2014 12:38:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC