Re: Comments about draft-ietf-httpbis-http2-16 : Connection reuse

On 2 January 2015 at 11:06, Aeris <aeris@imirhil.fr> wrote:
> Too bad the overall security will be such there is no way to use it on a post-
> snowden era and/or with critical content…

For the record, I disagree with that assessment.  There are strict
security improvements in HTTP/2.  Connection reuse can also provide
non-trivial privacy advantages.

As others have stated, the issues you describe are rooted in
implementation concerns: TLSA validation not being integral, not being
able to assess the security properties of a request, etc...  These
don't require standardization to fix.

Received on Friday, 2 January 2015 19:13:26 UTC