Re: New Version Notification for draft-nottingham-http2-encryption-03.txt

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 20 May 2014 08:33 UTC

Message-ID: <537B12C7.2040400@cs.tcd.ie>
Date: Tue, 20 May 2014 09:31:03 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>
CC: HTTP Working Group <ietf-http-wg@w3.org>
References: <20140520034054.10225.92036.idtracker@ietfa.amsl.com> <5905C797-A8E2-417B-94AB-589C174382BA@mnot.net> <CABkgnnWNWUtAe5EfPdpLaDKRug0QuW7ngm-v7t_B3LJSf6fRCQ@mail.gmail.com>
In-Reply-To: <CABkgnnWNWUtAe5EfPdpLaDKRug0QuW7ngm-v7t_B3LJSf6fRCQ@mail.gmail.com>
Archived-At: <http://www.w3.org/mid/537B12C7.2040400@cs.tcd.ie>

Hiya,

On 20/05/14 04:59, Martin Thomson wrote:
> On 19 May 2014 20:42, Mark Nottingham <mnot@mnot.net> wrote:
>> FYI - Martin went away and did some substantial revision of this draft, and is now an author.

Good stuff.

> The changes incorporate a draft you might have seen, but I didn't
> announce.  The main innovation here is a way to make the whole thing
> sticky in an effort to reduce the opportunity for downgrade attack.
> Pretty standard stuff, but included as a bit of a thought experiment
> as well as a bit of a test to see what people think.

Would you be ok with s/opportunistic encryption/opportunistic
security/? The latter is the term that the saag discussion has
ended up landing on, (post bikeshed:-) so it'd be good if
that worked here too.

I wonder if the MUST and MUST NOT terms in 5.1 are ok. But
if they're there to find that out then that's fine:-)

And BTW - just in case folks here haven't seen it, some FB
folks have published stats [1] on what they've seen with
MTA-MTA STARTTLS and the interesting number for this is
that they are seeing 58% of outbound emails being encrypted
that way, with about half of those being what they call
"strict" and half being what they call opportunistic.
That seems to imply that we could perhaps double the
amount of HTTP traffic using TLS with the mechanism from
this draft, (compared to "https") and in short order. (I
don't know of historic figures for the FB stuff, but
previous guesstimates I've seen were of the order of 20%
or so and not 58%. I'd be very interested in similar
numbers/trends folks are willing to talk about for HTTP
as well.)

That seems like real evidence for a huge potential win
to me, even if the situations aren't quite the same. Fears
that opportunistic security for HTTP might be somehow
dodgy seem to me to pale into insignificance in the face
of such actual evidence.

S.

[1] https://www.facebook.com/notes/1453015901605223/
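The "sticky" idea Martin mentions above, as an added illustration that is not code from the draft or from either author: a toy client-side policy cache that remembers a host's offer of an encrypted alternative for a bounded time, so that a later response which omits the offer is refused rather than silently served in cleartext. The draft's real mechanism is not reproduced here; the host name, the `max_age` field, the `Offer`/`StickyPolicy` types and the scenario in `simulate_downgrade` are all constructed for this example.

```python
"""Toy model of "sticky" opportunistic security versus a downgrade.

Added example, not code from draft-nottingham-http2-encryption or from the
email thread. It assumes a simple per-host policy cache on the client; the
draft's actual (Alt-Svc based) mechanism is not modelled.
"""
from dataclasses import dataclass, field


@dataclass
class Offer:
    """Constructed representation of what a server response told the client."""
    host: str
    tls_available: bool      # server advertised an encrypted alternative
    max_age: int = 0         # seconds the client may remember it (0 = do not)


@dataclass
class StickyPolicy:
    """Remembers hosts that previously offered TLS so a later cleartext-only
    response cannot silently downgrade the connection within the window."""
    expiry: dict = field(default_factory=dict)   # host -> expiry timestamp

    def remember(self, offer: Offer, now: float) -> None:
        if offer.tls_available and offer.max_age > 0:
            self.expiry[offer.host] = now + offer.max_age

    def must_use_tls(self, host: str, now: float) -> bool:
        """True while a remembered offer is still within its max_age."""
        until = self.expiry.get(host)
        if until is None:
            return False
        if now >= until:
            del self.expiry[host]      # commitment has lapsed
            return False
        return True


def choose_transport(policy: StickyPolicy, offer: Offer, now: float,
                     sticky: bool = True) -> str:
    """Decide 'tls', 'cleartext' or 'refuse' for one response."""
    if offer.tls_available:
        if sticky:
            policy.remember(offer, now)
        return "tls"
    if sticky and policy.must_use_tls(offer.host, now):
        return "refuse"    # remembered commitment: do not fall back
    return "cleartext"


def simulate_downgrade(sticky: bool) -> list:
    """Constructed scenario: the first response advertises TLS for an hour;
    the second omits it (as a tampered response would); the third arrives
    after the remembered window has expired."""
    policy = StickyPolicy()
    t0 = 1_000_000.0
    first = Offer("example.com", tls_available=True, max_age=3600)
    second = Offer("example.com", tls_available=False)
    return [
        choose_transport(policy, first, t0, sticky),
        choose_transport(policy, second, t0 + 60, sticky),
        choose_transport(policy, second, t0 + 7200, sticky),
    ]


if __name__ == "__main__":
    print("sticky:    ", simulate_downgrade(True))
    print("non-sticky:", simulate_downgrade(False))
```

The third decision is the caveat a practitioner would want to see: stickiness only closes the downgrade window for as long as the client remembers the offer, and the very first contact with a host is still unprotected, which is why this reduces rather than eliminates the opportunity for a downgrade.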