Re: PRISM and HTTP/2.0

"Poul-Henning Kamp" <phk@phk.freebsd.dk> Sun, 14 July 2013 23:02 UTC

To: Mark Nottingham <mnot@mnot.net>
cc: Roberto Peon <grmocg@gmail.com>, J Ross Nicoll <jrn@jrn.me.uk>, HTTP Working Group <ietf-http-wg@w3.org>
In-reply-to: <2F43265D-E004-4038-AD79-8BC2D968C585@mnot.net>
From: Poul-Henning Kamp <phk@phk.freebsd.dk>
References: <5672.1373710085@critter.freebsd.dk> <51E1D7AF.20708@jrn.me.uk> <CAP+FsNekY4WWdsYdUX3_vUWm1pqepWOH7PdiS9ZxpFwkHnqXWA@mail.gmail.com> <2F43265D-E004-4038-AD79-8BC2D968C585@mnot.net>
Content-Type: text/plain; charset="ISO-8859-1"
Date: Sun, 14 Jul 2013 23:00:38 +0000
Message-ID: <19200.1373842838@critter.freebsd.dk>
Subject: Re: PRISM and HTTP/2.0
Archived-At: <http://www.w3.org/mid/19200.1373842838@critter.freebsd.dk>

In message <2F43265D-E004-4038-AD79-8BC2D968C585@mnot.net>, Mark Nottingham writes:

>I have no problem using HTTP/2 as a way to drive these discussions and 
>consolidate the efforts by requiring particular things to be done when 
>you use the protocol. However, we can't fix the whole world here; we 
>need to stay focused.

Indeed we cannot, but I think the shift in security perceptions
PRISM has caused needs to inform us nonetheless.

For instance, it is now naive to assume that the only encryption
which will ever be used around HTTP/2.0 is going to be SSL/TLS.

We have thankfully settled that HTTP/2.0 can be moved on any
transparent byte-pipe.

But maybe it would be a good idea to also expressly tag the frames
which need cryptographic protection (object bodies) and which do
not (housekeeping, routing envelopes, headers), in order to enable
future encryption schemes which are not stream-based, but message-based?

It would be sad to spend this much effort to build the last tea-clipper.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
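The frame-tagging idea in the message above, worked through as an added example that is not part of the original post or of any HTTP/2 draft: frames whose type carries content (DATA) get their payload encrypted and authenticated per frame, while the cleartext frame header (type, flags, stream id) is bound in as associated data, so a key-less relay on a plain byte-pipe can still route on the envelope but cannot read a body or re-label a body frame without the endpoint noticing. The 9-byte header layout follows RFC 7540; the PROTECTED flag bit, the policy table, the key split and the HMAC-counter-mode cipher with encrypt-then-MAC are hypothetical choices for this demonstration, not a recommended cipher suite.

```python
"""Toy per-frame protection tags on an HTTP/2-style framing (added example).

Frame layout (3-byte length, 1-byte type, 1-byte flags, 4-byte stream id)
follows RFC 7540. The PROTECTED flag, the protect-this-type policy and the
HMAC-based cipher are assumptions made for this demo, not anything from
the original message or the HTTP/2 specification.
"""
import hashlib
import hmac
import os
import struct

# Frame type codes as in RFC 7540.
DATA, HEADERS, SETTINGS = 0x0, 0x1, 0x4
PROTECTED = 0x80          # hypothetical flag bit: payload is end-to-end protected
NONCE_LEN, TAG_LEN = 16, 32

# Policy (per the post's split): object bodies need protection, envelope does not.
PROTECT_TYPES = {DATA}


def needs_protection(ftype):
    return ftype in PROTECT_TYPES


def _header(length, ftype, flags, stream_id):
    # 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id (R bit clear).
    return (struct.pack(">I", length)[1:] + bytes([ftype, flags])
            + struct.pack(">I", stream_id & 0x7FFFFFFF))


def _keystream(key_enc, nonce, n):
    """HMAC-SHA256 in counter mode: a toy stream cipher for this demo only."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key_enc, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _subkeys(key):
    # Independent encryption and MAC keys derived from one shared key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def protect_frame(ftype, flags, stream_id, payload, key, nonce=None):
    """Serialise a frame; encrypt and authenticate the payload only if its type needs it.

    The cleartext header is authenticated as associated data, so a relay can
    route on it but cannot move a body frame to another stream undetected.
    """
    if not needs_protection(ftype):
        return _header(len(payload), ftype, flags & ~PROTECTED, stream_id) + payload
    key_enc, key_mac = _subkeys(key)
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(key_enc, nonce, len(payload))))
    hdr = _header(NONCE_LEN + len(ct) + TAG_LEN, ftype, flags | PROTECTED, stream_id)
    tag = hmac.new(key_mac, hdr + nonce + ct, hashlib.sha256).digest()
    return hdr + nonce + ct + tag


def parse_envelope(frame):
    """What a key-less intermediary sees: (length, type, flags, stream_id)."""
    length = struct.unpack(">I", b"\x00" + frame[:3])[0]
    stream_id = struct.unpack(">I", frame[5:9])[0] & 0x7FFFFFFF
    return length, frame[3], frame[4], stream_id


def unprotect_frame(frame, key):
    """Parse a frame, verifying and decrypting the payload when PROTECTED is set.

    Returns (type, flags, stream_id, payload); raises ValueError on a bad tag.
    """
    length, ftype, flags, stream_id = parse_envelope(frame)
    body = frame[9:9 + length]
    if not flags & PROTECTED:
        return ftype, flags, stream_id, body
    if len(body) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated protected frame")
    key_enc, key_mac = _subkeys(key)
    nonce, ct, tag = body[:NONCE_LEN], body[NONCE_LEN:-TAG_LEN], body[-TAG_LEN:]
    expect = hmac.new(key_mac, frame[:9] + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("authentication failed: body or envelope modified")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key_enc, nonce, len(ct))))
    return ftype, flags & ~PROTECTED, stream_id, pt


def demo():
    """Constructed exchange: a HEADERS frame in the clear, a DATA frame protected."""
    key = os.urandom(32)   # end-to-end key, assumed established out of band
    hdrs = protect_frame(HEADERS, 0x4, 1, b":method GET :path /", key)
    data = protect_frame(DATA, 0x1, 1, b"secret body", key)
    routed = [parse_envelope(f)[1:] for f in (hdrs, data)]   # relay needs no key
    # A relay that rewrites the stream id of the protected frame is caught.
    tampered = data[:5] + struct.pack(">I", 3) + data[9:]
    try:
        unprotect_frame(tampered, key)
        detected = False
    except ValueError:
        detected = True
    return routed, unprotect_frame(data, key)[3], detected


if __name__ == "__main__":
    print(demo())
```

The point of binding the header into the tag is that the routing envelope stays readable by intermediaries, which is what makes the scheme usable over an arbitrary byte-pipe rather than only inside a TLS stream, while the protected frame cannot be silently re-addressed or truncated.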