ietf
[Top] [All Lists]

Re: [IAB] Mandatory encryption as part of HTTP2

2013-11-15 19:55:36
ted, great post.

two things i might further stress.

encrypting as much as reasonably possible spreads the cash of the
pervasive passive attcker.

there may be 600+ 'trusted' CAs.  but what is actually used is a bit
surprising  
    "Analysis of the HTTPS Certificate Ecosystem",
    Z. Durumeric, J. Kasten, M. Bailey, J.A. Halderman (University of
    Michigan)
    http://conferences.sigcomm.org/imc/2013/papers/imc257-durumericAemb.pdf
fix needed here.

randy

<Prev in Thread] Current Thread [Next in Thread>