IETF Logo Mail Archive

Re: [hybi] workability (or otherwise) of HTTP upgrade

Joe Mason <jmason@rim.com> Tue, 07 December 2010 15:26 UTC

Return-Path: <jmason@rim.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6B5DF3A6996 for <hybi@core3.amsl.com>; Tue, 7 Dec 2010 07:26:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.358
X-Spam-Level:
X-Spam-Status: No, score=-5.358 tagged_above=-999 required=5 tests=[AWL=-0.155, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w6zv7gzvhtGP for <hybi@core3.amsl.com>; Tue, 7 Dec 2010 07:26:26 -0800 (PST)
Received: from mhs04ykf.rim.net (mhs04ykf.rim.net [216.9.243.82]) by core3.amsl.com (Postfix) with ESMTP id 2B9AC3A699A for <hybi@ietf.org>; Tue, 7 Dec 2010 07:26:17 -0800 (PST)
X-AuditID: 0a666446-b7bbaae000000a25-b3-4cfe5257938d
Received: from XHT105CNC.rim.net ( [10.65.12.216]) by mhs04ykf.rim.net (RIM Mail) with SMTP id 62.E3.02597.7525EFC4; Tue, 7 Dec 2010 10:27:19 -0500 (EST)
Received: from XCH117CNC.rim.net ([fe80::b8df:541f:9d85:9909]) by XHT105CNC.rim.net ([fe80::24dd:699b:a19e:2bcc%11]) with mapi; Tue, 7 Dec 2010 10:27:19 -0500
From: Joe Mason <jmason@rim.com>
To: Maciej Stachowiak <mjs@apple.com>, Mark Nottingham <mnot@mnot.net>
Date: Tue, 07 Dec 2010 10:27:20 -0500
Thread-Topic: [hybi] workability (or otherwise) of HTTP upgrade
Thread-Index: AcuV3RYhja1ziQ4dRqCD+UM5QLvEiQARUORg
Message-ID: <BB31C4AB95A70042A256109D461991260583956C@XCH117CNC.rim.net>
References: <AANLkTin6=8_Bhn2YseoSHGh1OSkQzsYrTW=fMiPvYps1@mail.gmail.com> <20101126000352.ad396b9a.eric@bisonsystems.net> <AANLkTimzQyG4hugOvHqoNrBrZFA4fGbGXQ7MZ2i+68dO@mail.gmail.com> <BB947F6D-15AA-455D-B830-5E12C80C1ACD@mnot.net> <81870DB1-B177-4253-8233-52C4168BE99D@apple.com> <F4D1B715-3606-4E9A-BFB2-8B7BC11BE331@mnot.net> <57D4B885-B1D8-482F-8747-6460C0FFF166@apple.com> <37A00E8D-B55C-49AD-A85C-A299C80FFF17@mnot.net> <4F2580A7-79C2-4B0A-BCE5-7FB6D9AA0ED7@apple.com>
In-Reply-To: <4F2580A7-79C2-4B0A-BCE5-7FB6D9AA0ED7@apple.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
content-transfer-encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAgAAAZEW1I9v
Cc: hybi HTTP <hybi@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>
Subject: Re: [hybi] workability (or otherwise) of HTTP upgrade
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Dec 2010 15:26:28 -0000

> -----Original Message-----
> From: hybi-bounces@ietf.org [mailto:hybi-bounces@ietf.org] On Behalf Of
> Maciej Stachowiak
> Sent: Tuesday, December 07, 2010 2:05 AM
> To: Mark Nottingham
> Cc: hybi HTTP; HTTP Working Group
> Subject: Re: [hybi] workability (or otherwise) of HTTP upgrade
> 
> If the goal was not to interoperate with HTTP at all, it would be much
> better to use an approach where everything is encrypted. One plausible
> way to do that would be to restrict the protocol to TLS-only, at which
> point the nextprotoneg proposal can take care of dispatch without
> having to involve the HTTP layer. I think this is a plausible option,
> but many hybi WG members have expressed concern about the performance
> issues and other barriers to deployment of an all-TLS solution.
> 
> Another approach is to invent our own crypto and start with a key
> exchange. Inventing crypto makes me nervous compared to using something
> known (such TLS), and might well impose many of the same costs that
> folks are worried about with TLS.

If we are going to encrypt everything, we should just use TLS.  Crypto is an especially bad place to be reinventing the wheel.  As far as I know all the performance concerns apply to any encryption, even simple XOR masking, so there's no point in discussing tradeoffs of various implementations - the tradeoff is whether we want encryption at all.  Once we're over that hump, I don't think any custom encryption scheme is going to have benefits that outweigh TLS's huge benefit of "well understood and in wide use".

Joe

---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.

v2.23.0 | Report a Bug | By Email