- From: Mark Nottingham <mnot@mnot.net>
- Date: Fri, 15 Aug 2014 21:25:36 +1000
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Hi PHK, On 15 Aug 2014, at 7:16 pm, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > Straw-man: > ---------- > > http:/ can use TLS with *arbitrarily weak* crypto algorithms, > and no authentication, and it is treated *exactly* like > HTTP/1.1 plaintext by browsers. > > https:/ uses authenticated TLS with strong crypto, as today, > and indicates this with the well-known changes in browser > behaviour. It sounds like you're proposing that we allow weaker ciphersuites for the Opp-Sec draft. That hasn't been discussed explicitly before IIRC, but it shares an issue that we did previously discuss; if you're not authenticating the Opp-Sec traffic, you want it to look as much like "real" TLS traffic as possible, so that an attacker doesn't know which connections it can MITM without being caught. If Opp-Sec traffic is able to be distinguished (e.g., by using a different ciphersuite), it'll be possible for an active attacker to selectively MITM it and not be detected. The trade-off of the extra efficiency gained vs. the loss of protection is debatable from both sides, of course. Cheers, -- Mark Nottingham https://www.mnot.net/
Received on Friday, 15 August 2014 11:26:09 UTC