Re: HTTP/2 and Pervasive Monitoring

On Fri, 15 Aug 2014 13:25:36 +0200, Mark Nottingham <> wrote:

> Hi PHK,
> On 15 Aug 2014, at 7:16 pm, Poul-Henning Kamp <> wrote:
>> Straw-man:
>> ----------
>>  http:/ can use TLS with *arbitrarily weak* crypto algorithms,
>>  and no authentication, and it is treated *exactly* like
>>  HTTP/1.1 plaintext by browsers.
>>  https:/ uses authenticated TLS with strong crypto, as today,
>>  and indicates this with the well-known changes in browser
>>  behaviour.
> It sounds like you're proposing that we allow weaker ciphersuites for  
> the Opp-Sec draft.
> That hasn't been discussed explicitly before IIRC, but it shares an  
> issue that we did previously discuss; if you're not authenticating the  
> Opp-Sec traffic, you want it to look as much like "real" TLS traffic as  
> possible, so that an attacker doesn't know which connections it can MITM  
> without being caught.

What you can do in an MITM scenario isn't really relevant to PM. It's  
still harder to MITM weak TLS than clear text.

I think it is more worrisome having the weak ciphers in there at all, as  
it opens up for bad configurations and downgrade attacks of https  

/Martin Nilsson

Using Opera's mail client:

Received on Friday, 15 August 2014 12:43:56 UTC