
Re: HTTP/2 and Pervasive Monitoring

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Fri, 15 Aug 2014 14:50:38 +0000
To: Erik Nygren <erik@nygren.org>
cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <6574.1408114238@critter.freebsd.dk>
In message <CAKC-DJjFk9==Y4ayn=A-fZBaEt-G_+n=XQ9B8rKqWaT-LQh3vQ@mail.gmail.com>, Erik Nygren writes:

>[...]  provision a real certificate, [...]

I have it from many corners that anything which involves "real
certificates" is not going to happen for a large swath of "unimportant"
traffic because of the extortionary business behavior of the CA-mob.

I personally have no love for the CA-mob, but a lot of people seem to
hate their guts.  Keeping them out of the picture wrt. fighting PM
would be a good idea.

Also, we don't need very big certs, they just have to hold for a
few seconds.

>> For that matter this is not even specific to HTTP/2 in any way, it
>> could also be deployed for HTTP/1.1.
>Only if there was a way to convey Scheme (http vs https) in a way that
>worked reliably for existing HTTP/1.1 servers.

I was talking only conceptually here, the actual protocol mechanics
will be at least as tricky as HTTP/1 -> HTTP/2 upgrade.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Friday, 15 August 2014 14:51:02 UTC
