ietf
[Top] [All Lists]

Re: https at ietf.org

2013-11-07 11:29:17
On Thu, Nov 7, 2013 at 5:19 PM, Noel Chiappa 
<jnc(_at_)mercury(_dot_)lcs(_dot_)mit(_dot_)edu>wrote:

    > From: ned+ietf(_at_)mauve(_dot_)mrochek(_dot_)com

    > In light of the sentiments expressed at the plenary and in perpass in
    > regards to opportunistic encryptions, perhaps this is the dogfood we
    > should be eating.

Yes, encrypting publicly available documents will do so much to increase
our
privacy.


That's not what Ned or I was hinting at.

RFC 2817 describes a mechanism for connecting on port 80, and asking the
server nicely to switch to TLS, rather than connecting on port 443 and
switching to TLS from the outset.

It's the equivalent of the majority of protocols, which support a
"STARTTLS" or similar extension, making it trivial to provide and use
optional, opportunistic, encryption.

What this would allow is that browsers could *easily* use TLS to provide
some protection, even when given an "http" scheme URI.

Dave.
<Prev in Thread] Current Thread [Next in Thread>