Re: HTTP/2 and Pervasive Monitoring

On 15 August 2014 07:50, Poul-Henning Kamp <> wrote:
> I was talking only conceptually here, the actual protocol mechanics
> will be at least as tricky as HTTP/1 -> HTTP/2 upgrade.

I've talked with several people about HTTP/1.1 and the mechanisms
we've defined.  They are portable - in theory.

The problem is that you not only need a strong signal with the
response that the server has understood that this is an http:// URI,
but you might also want some way to prevent the server from even
processing the request.

Incidentally, the difference between good crypto and bad crypto here
is that good crypto is fast and secure and bad crypto is just bad.
It's not even necessarily faster on modern hardware (AES runs
sub-cycle-per-byte on the latest Intel hardware).  I know that we're
talking RC4 here.  Without AES-NI, RC4 is quite a bit faster than AES,
but I expect that we'll see a good alternative (ChaCha20) before too
long that is faster than both on many of those old machines.

Received on Friday, 15 August 2014 18:13:39 UTC