- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 2 Jan 2015 11:12:59 -0800
- To: Aeris <aeris@imirhil.fr>
- Cc: Ryan Hamilton <rch@google.com>, Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, Patrick McManus <pmcmanus@mozilla.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On 2 January 2015 at 11:06, Aeris <aeris@imirhil.fr> wrote: > Too bad the overall security will be such there is no way to use it on a post- > snowden era and/or with critical content… For the record, I disagree with that assessment. There are strict security improvements in HTTP/2. Connection reuse can also provide non-trivial privacy advantages. As others have stated, the issues you describe are rooted in implementation concerns: TLSA validation not being integral, not being able to assess the security properties of a request, etc... These don't require standardization to fix.
Received on Friday, 2 January 2015 19:13:26 UTC