Re: impact of 9.2.2 changes and discussions on opportunistic encryption draft

As Rob has pointed out, this would represent a huge security regression for
the spec. This change falls into the "can't live with it" category for us.

On Thu, Oct 30, 2014 at 10:35 PM, Robert Collins <robertc@robertcollins.net>
wrote:

> On 31 October 2014 12:40, Martin Thomson <martin.thomson@gmail.com> wrote:
> > On 30 October 2014 15:36, Erik Nygren <erik@nygren.org> wrote:
> >> In light of the discussion around 9.2.2, are there changes we want to
> >> consider making to draft-ietf-httpbis-http2-encryption that could improve
> >> interoperability when it is used?  Should that draft strongly encourage
> >> using TLS with DHE/ECDHE key exchange for (P)FS, or does that dive too
> >> deeply into the same problems with 9.2.2?
> >
> > We can tighten up the requirements, certainly.
> >
> >> One thought that I had was that we may want the localhost Alt-Svc to
> >> indicate when the server does not plan to offer valid authentication.
> >
> > This was a feature that was included in early versions, in a slightly
> > different form.  And I have argued against it.  I don't see any value
> > in this.  You either expect to authenticate, or not.  The way that the
> > current draft addresses this is to have the new connection promise to
> > provide authentication.  I'd rather not have two mechanisms for the
> > same thing.
>
> Also wouldn't it deliver a trivial downgrade attack to folk who can
> intercept and alter traffic?
>
> -Rob
>
> --
> Robert Collins <rbtcollins@hp.com>
> Distinguished Technologist
> HP Converged Cloud

Received on Friday, 31 October 2014 17:27:12 UTC