Re: impact of 9.2.2 changes and discussions on opportunistic encryption draft from Erik Nygren on 2014-11-03 (ietf-http-wg@w3.org from October to December 2014)

From: Erik Nygren <erik@nygren.org>
Date: Mon, 3 Nov 2014 15:42:02 -0500
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Michaela LaVan <mlavan@google.com>, Robert Collins <robertc@robertcollins.net>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <CAKC-DJi=ZhB9TaRqXo3ZThGZNrkE30YgBda3vOs2FqqwCKJesQ@mail.gmail.com>

On Mon, Nov 3, 2014 at 3:01 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> On 31 October 2014 11:56, Erik Nygren <erik@nygren.org> wrote:
> > If everyone sticks with #1 or #2 and only uses #3 for the HTTP-TLS case
> > we're fine.
>
>
> That's not an *if*, that's a *requirement*.  You can't have a
> situation where both peers have different expectations regarding a
> critical feature like authentication.
>
> If -encryption fails to make that clear, let's work on that.
>

Is it clear to people how the different drafts interact?
In particular, if someone were to decide to not implement -encryption
but implement with altsvc then you'd end up with them using #3
all of the time in a way that is indistinguishable.

        Erik

Received on Monday, 3 November 2014 20:42:29 UTC