Re: New Version Notification for draft-nottingham-http2-encryption-03.txt

"Martin Nilsson" <nilsson@opera.com> Wed, 21 May 2014 06:59 UTC

To: "William Chan (陈智昌)" <willchan@chromium.org>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Date: Wed, 21 May 2014 08:56:24 +0200
From: Martin Nilsson <nilsson@opera.com>
Organization: Opera Software
Archived-At: <http://www.w3.org/mid/op.xf66wa14iw9drz@uranium.arthotel.pl>

On Wed, 21 May 2014 00:55:42 +0200, William Chan (陈智昌)  
<willchan@chromium.org> wrote:

>
> Transport security is very different from web security. For example,  
> only some of the resources in a webpage may be opportunistically  
> encrypted with strong authentication. If there's active content like
> script that's loaded without transport security, that can compromise the  
> entire page.

Yes, of course. I'm asking about the case where everything is equivalent
to the page being loaded as https. Certificates check out, all
dependencies are secure, etc. Section 6.1 states that the page MUST NOT be  
indicated to be secure, even though there is no practical difference.

/Martin Nilsson
