
RE: Mandatory encryption as part of HTTP2

2013-11-15 04:35:28

I was making a general point wider than the specific example of httpbis.

That point is well worth making here.

Lloyd Wood
http://sat-net.com/L.Wood/


________________________________________
From: Roberto Peon [grmocg(_at_)gmail(_dot_)com]
Sent: 15 November 2013 07:14
To: Wood L  Dr (Electronic Eng)
Cc: iljitsch(_at_)muada(_dot_)com; IETF Discussion; iab(_at_)iab(_dot_)org
Subject: Re: Mandatory encryption as part of HTTP2

Please follow on the HTTPbis list and contribute there.
We don't need to rehash this again here.
-=R


On Thu, Nov 14, 2013 at 8:41 PM, <l(_dot_)wood(_at_)surrey(_dot_)ac(_dot_)uk> wrote:
+1

Mandating encryption is unwise.

Make encryption attractive. Make it easy to use and to deploy. Make the risks 
of not adopting encryption clear.

But NEVER make it mandatory.

Lloyd Wood
http://sat-net.com/L.Wood/

If we had widespread encryption earlier, we wouldn't have an open web.
________________________________________
From: ietf-bounces(_at_)ietf(_dot_)org [ietf-bounces(_at_)ietf(_dot_)org] On 
Behalf Of Iljitsch van Beijnum [iljitsch(_at_)muada(_dot_)com]
Sent: 14 November 2013 20:42
To: ietf(_at_)ietf(_dot_)org
Cc: iab(_at_)iab(_dot_)org
Subject: Mandatory encryption as part of HTTP2

Forgive me if this has been discussed before, but I haven't been active on this 
list for a while and I didn't see subject lines that indicated recent 
discussions on this.

Apparently the chair of the httpbis wg is proposing to make encryption a 
mandatory part of HTTP version 2:

http://lists.w3.org/Archives/Public/ietf-http-wg/2013OctDec/0625.html

I have many medium-sized problems with this, including the issues with CAs, the 
additional fragility of depending on certs with limited lifetimes, performance 
and energy efficiency issues (both the batteries in mobile hosts and the power 
use in datacenters), severely reduced cacheability and debugging which are 
reasonable tradeoffs when privacy and authentication are needed, but are 
wasteful when they're not, which is still very often the case.

But a more fundamental problem with this approach is that it ties HTTP2 to TLS, 
while TLS is not a very good technology, except that it has proven easy to 
deploy. When we finally figure out how to get IPsec deployed as a general 
purpose solution for privacy and authentication, it would be quite annoying to 
have to run TLS, too, because HTTP2 requires it.

I'm not entirely sure why the existing problematic solution with certs and CAs 
was proposed here, as the intended goal, keep the NSA and friends out of our 
business, would be hard to reach that way. Using some kind of opportunistic 
encryption would serve that purpose much better, IMO.

(However, I do think there is value in making it possible to enable encryption 
when needed/desired without requiring the use of the https URL scheme.)

Deliberating exactly these kinds of issues is why the IAB gets paid the big 
bucks. So I hope the IAB can take on this issue.

Iljitsch