Re: Pluggable HTTPS Backends from Soni L. on 2023-11-08 (ietf-http-wg@w3.org from October to December 2023)

From: Soni L. <fakedme+http@gmail.com>
Date: Wed, 8 Nov 2023 14:11:00 -0300
To: ietf-http-wg@w3.org
Message-ID: <ab4b5112-e57d-4616-8bec-2c65459633d2@gmail.com>

Only allowing TLS to benefit from secure contexts (service workers, 
HTTP/2, etc) when it's known to be insecure (see also: recent MITM of a 
russian jabber server - something that would just not be possible with 
tor or i2p) is by far one of the most dangerous stances someone can take 
on the matter.

On 2023-11-08 13:51, Martin Thomson wrote:
> I disagree.  A uniform stack promotes interoperability.
>
> On Wed, Nov 8, 2023, at 09:51, Soni L. wrote:
> > HTTPS's ties to TLS are a mistake. Pluggable HTTPS Backends would allow 
> > system administrators to provide alternative DV methods, like Tor and 
> > i2p, that also happen to be much stronger than those provided by TLS.
> >
> > This would benefit everyone. Note that malware is already free to bypass 
> > TLS requirements, so no new risks would be added here.
>

Received on Wednesday, 8 November 2023 17:11:11 UTC