Re: HTTPBis Call For Adoption: Using Early Data in HTTP [aka Replay]

+1

I also strongly support adoption. Agreeing on and specifying how early data
works as-safely-as-possible between TLS 1.3 and HTTP will be critical
before we end up with non-interoperable or vulnerable-when-interoperating
implementations.  It is attractive enough that it seems likely partial
implementations will show up in production before we standardize,
especially if there is too much of a time gap between this and TLS 1.3
completing.

- Erik




On Aug 17, 2017 9:49 AM, "Kazuho Oku" <kazuhooku@gmail.com> wrote:

2017-08-10 0:25 GMT+09:00 Patrick McManus <mcmanus@ducksong.com>:
>
> https://www.ietf.org/internet-drafts/draft-thomson-http-replay-01.txt
>
> We've been discussing the risks of algorithms around early data both on
the
> list and face to face recently in Prague. This draft from Martin, Wily,
and
> Mark has obviously been the nexus of that conversation and the group
> informally signaled support for adding it as a working group item during
the
> recent meeting.
>
> Please state whether you support adoption, and ideally why. Expressions of
> interest in implementation would also be very helpful.

I strongly support adoption.

We need to standardize this draft to use Early Data in HTTP.

Received on Thursday, 17 August 2017 14:37:26 UTC