Re: HTTP/2 and Pervasive Monitoring from Greg Wilkins on 2014-08-15 (ietf-http-wg@w3.org from July to September 2014)

From: Greg Wilkins <gregw@intalio.com>
Date: Sat, 16 Aug 2014 09:12:08 +1000
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAH_y2NHOspsVugNZZgvD3XMZ522PzNkTRMS1dapcRDWQCL5ZsQ@mail.gmail.com>

On 15 August 2014 18:56, Mark Nottingham <mnot@mnot.net> wrote:

>  (I think we’re in violent agreement here)


The difference is emphasis.

I think you are saying: "We are using TLS to mitigate PM, but it is not
perfect".

I think this WG should say:  "An application protocol cannot significantly
mitigate PM. A network level solutions is required.  But we are
facilitating increased TLS usage which may mitigate some PM attacks or at
least prevent even more invasive PM"

ie the overwhelming response to BCP188 should be that this is not a problem
we can fix on our own, but we are prepared to be part of the solution.

cheers

-- 
Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.

Received on Friday, 15 August 2014 23:12:37 UTC