As Rob has pointed out, this would represent a huge security regression for the spec. This change falls into the "can't live with it" category for us. On Thu, Oct 30, 2014 at 10:35 PM, Robert Collins <robertc@robertcollins.net> wrote: > On 31 October 2014 12:40, Martin Thomson <martin.thomson@gmail.com> wrote: > > On 30 October 2014 15:36, Erik Nygren <erik@nygren.org> wrote: > >> In light of the discussion around 9.2.2, are there changes we want to > >> consider > >> making to draft-ietf-httpbis-http2-encryption that could improve > >> interoperability > >> when it is used? Should that draft strongly encourage using TLS with > >> DHE/ECDHE key exchange for (P)FS, or does that dive too deeply into > >> the same problems with 9.2.2? > > > > We can tighten up the requirements, certainly. > > > >> One thought that I had was that we may want the localhost Alt-Svc to > >> indicate > >> when the server does not plan to offer valid authentication. > > > > This was a feature that was included in early versions, in a slightly > > different form. And I have argued against it. I don't see any value > > in this. You either expect to authenticate, or not. The way that the > > current draft addresses this is to have the new connection promise to > > provide authentication. I'd rather not have two mechanisms for the > > same thing. > > Also wouldn't it deliver a trivial downgrade attack to folk who can > intercept and alter traffic? > > -Rob > > -- > Robert Collins <rbtcollins@hp.com> > Distinguished Technologist > HP Converged Cloud > >
Received on Friday, 31 October 2014 17:27:12 UTC