- From: Willy Tarreau <w@1wt.eu>
- Date: Tue, 12 May 2015 07:06:20 +0200
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
On Mon, May 11, 2015 at 05:07:31PM -0700, Martin Thomson wrote: > On 11 May 2015 at 16:18, Amos Jeffries <squid3@treenet.co.nz> wrote: > > I am more than a little surprised to find not one single mention of > > proxy or cache middleware types or interoperability with them anywhere > > within this document. Despite clear implications that it is intended for > > use to secure data within CDN and other plain-text HTTP environments. > > Cleartext HTTP use cases are actually not intended for this, though > I'm not opposed to adding any that make sense. Well, you see, I've met people who designed and deployed their in-house payload encryption mechanism in a banking environment where using plain text for headers is mandatory to provide request routing capabilities without giving the ability to decrypt data between the two extremities. In fact many people use HTTP as a service-aware transport protocol on top of TCP. I can predict that you'll get requests for encrypting or at least signing *some* header fields because these people had to do that when facing the same use cases :-) I hope to find some time to review your work, that sounds interesting and useful. Thanks, Willy
Received on Tuesday, 12 May 2015 05:07:00 UTC