- From: Ilari Liusvaara <ilariliusvaara@welho.com>
- Date: Sat, 15 Jul 2017 20:59:46 +0300
- To: Erik Nygren <erik@nygren.org>
- Cc: Patrick McManus <mcmanus@ducksong.com>, Piotr Sikora <piotrsikora@google.com>, Ryan Hamilton <rch@google.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Sat, Jul 15, 2017 at 12:47:49PM -0400, Erik Nygren wrote:
> My concerns align with Ryan and Mike's. My preference would be to remove
> the current language about not consulting DNS from the ORIGIN draft (having
> it focus on restricting scope with hooks for future expansion).
>
> Separately we can start collaborating on a draft that finds a good set of
> controls to give the balance of security and privacy and performance
> properties. Alt-Svc (perhaps with an extension attribute?) does seem like
> a good starting point as it gives positive control from an Origin. The
> other ideas (eg, something CT like) seem intriguing but need more
> exploration.

Let's take four schemes:

1) No checks (beyond usual certificate checks)
2) Require CT qualification (and possibly OCSP).
3) ALT-SVC (not entirely clear to me, but I can guess)
4) Consult DNS

For privacy and speed, 1) and 2) have a big advantage over 3) and 4) (and 3) is even worse than 4) in both).

For security using standard assumptions, all are very close to one another.

The main problem with not giving control seems to be servers that have overly wide certificates and then mishandle requests (though sadly most servers do mishandle requests).

-Ilari
Received on Saturday, 15 July 2017 18:00:21 UTC