- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 12 May 2015 10:35:58 -0700
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>

On 12 May 2015 at 10:17, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote:
> Which is why we should think about "Accept-Encryption"

I think that the problem you are concerned with is why the Key draft [1] exists.

In this context, I don't see responses actually varying based on the Accept-Encoding header field. Servers will encrypt based on their needs more so than in reaction to clients claiming support.

In fact, if we were to rely solely on Accept-Encoding (or create Accept-Encryption), then we create the potential for a downgrade attack if we ever need to define an alternative encryption encoding to address flaws in this one.

[1] https://tools.ietf.org/html/draft-fielding-http-key

Received on Tuesday, 12 May 2015 17:36:26 UTC