- From: Willy Tarreau <w@1wt.eu>
- Date: Wed, 25 Nov 2015 07:44:33 +0100
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Hi Mark, On Wed, Nov 25, 2015 at 03:53:07PM +1100, Mark Nottingham wrote: > We've discussed this document a few times: > <https://tools.ietf.org/html/draft-thomson-http-encryption> > > WEBPUSH now has a normative requirement upon it in > <https://tools.ietf.org/html/draft-ietf-webpush-encryption> > > So, I believe that we should adopt this document as a WG product, with a target of Proposed Standard. > > Please comment on-list; we???ll make a decision about adoption at the end of next week. I agree we should adopt it. I've been working in bank environments where in-house payload encryption was used everywhere so that headers could be kept in clear for message routing / load balancing. TLS doesn't allow this since each node can see everything in clear once decrypted. Such a proposal makes it much simpler to design such a system and keep it standards-compliant. So +1 for me. Willy
Received on Wednesday, 25 November 2015 06:45:00 UTC