- From: Toerless Eckert <tte@cs.fau.de>
- Date: Thu, 3 Jun 2021 13:43:24 +0200
- To: Paul Vixie <paul@redbarn.org>
- Cc: "Soni L." <fakedme+http@gmail.com>, ietf-http-wg@w3.org

Which RFC that is updating RFC8446 is providing null crypto?

On Thu, Jun 03, 2021 at 04:05:15AM +0000, Paul Vixie wrote:
> On Wed, Jun 02, 2021 at 11:54:55PM -0300, Soni L. wrote:
> > On 2021-06-02 11:15 p.m., Paul Vixie wrote:
> > > TCP/80 will remain in use for vm-internal and hypervisor-scale APIs
> > > for much longer than 50 years. it's nice that we have a null-crypto
> > > option on TCP/443 now, but negotiating that across shared silicon when
> > > the endpoints all share a von neumann domain is complexity we would
> > > never be grateful for. it may also have a long life on disconnected
> > > LANs.
> >
> > Have you heard of asymmetric PAKE (TLS-SRP)? It's kinda, perfect for LAN
> > (and by extension VM-internal/hypervisor-scale). Would be great to
> > replace TCP/80 with PAKEs on TCP/443 and UDP/443.
>
> forgive me for referring to it informally as "a null-crypto option on
> TCP/443" above. but yes, i know about that.
>
> > There are definitely enough paths for the deprecation of TCP/80. We just
> > have to use them. Less error prone than DIY CA and doesn't involve
> > configuring null-crypto.
>
> non-upgradable devices will never go out of style. this installed base is
> not subject to deprecation pressure. industrial control systems are far less
> tractable than web browsers.
>
> the analogue to this is IPv4. at some point the IETF said, everybody should
> switch to IPv6, and to facilitate that, there will be no more protocol
> enhancement actions to IPv4. if you want to innovate, do it in IPv6.
>
> we could say that about TCP/80. but we won't be taken seriously if we use the
> word "deprecate".
>
> --
> Paul Vixie

Received on Thursday, 3 June 2021 11:44:13 UTC