ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Trust and provacy problems with draft-loreto-httpbis-explicitly-auth-proxy

2014-05-07 10:16:40
from [Raphaël Durand] [Permanent Link] 
Hello Salavatore.

Le 06/05/2014 13:27, Salvatore Loreto a écrit :

Hi Raphael,

first let me clarify once again: https resources are not affected by
the explicitly authenticated proxy
the draft only propose to proxy the http:// resources.


But one of the aim of HTTP2 is to make TLS 1.2 (or greater) mandatory,
the same way HTTPS does.
Add to this that most browsers have skipped the http or https part of an
URI, what will be the difference between http and https ?

In my opinion, with HTTP2 and mandatory encryption, HTTPS will no longer
exist. (except maybe for the handling of the X.509 trust model)
We have to deal all the encrypted flow in the same way. Any exception
would be fatal.

Best regards.
Raphaël Durand

Attachment: signature.asc
Description: OpenPGP digital signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  AW: [ippm] Last Call: <draft-ietf-ippm-2330-update-04.txt> (Advanced Stream and Sampling Framework for IPPM) to Informational RFC, Ruediger.Geib
Next by Date:  IETF Website Revamp SOW Review Round Two, IETF Administrative Director
Previous by Thread:  Re: Trust and provacy problems with draft-loreto-httpbis-explicitly-auth-proxy, Salvatore Loreto
Next by Thread:  Re: Trust and provacy problems with draft-loreto-httpbis-explicitly-auth-proxy, Paul Wouters
Indexes:  [Date] [Thread] [Top] [All Lists]