Re: Trust and provacy problems with draft-loreto-httpbis-explicitly-auth-proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Salavatore.

Le 06/05/2014 13:27, Salvatore Loreto a écrit :
Hi Raphael,

first let me clarify once again: https resources are not affected by the explicitly authenticated proxy
the draft only propose to proxy the http:// resources.

But one of the aim of HTTP2 is to make TLS 1.2 (or greater) mandatory, the same way HTTPS does.
Add to this that most browsers have skipped the http or https part of an URI, what will be the difference between http and https ?

In my opinion, with HTTP2 and mandatory encryption, HTTPS will no longer exist. (except maybe for the handling of the X.509 trust model)
We have to deal all the encrypted flow in the same way. Any exception would be fatal.

Best regards.
Raphaël Durand

Attachment: signature.asc
Description: OpenPGP digital signature

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]