> On Wed, Nov 19, 2014 at 1:20 PM, Chris Peterson <cpeter...@mozilla.com>
> wrote:
>> Given Mozilla's announcements around Let's Encrypt, are there still use
>> cases for HTTP+OE?
>>
>> https://letsencrypt.org/2014/11/18/announcing-lets-encrypt.html

In particular: 
https://wiki.mozilla.org/Platform/2014-10-14#Necko_.28dougt.2Fjduell.29
says:
"Opportunistic Encryption (OE) for HTTP/2 (i.e. if server opts-in
we'll upgrade http to use TLS w/o certs) has landed (bug 1003448).
Akamai will be our first main use case."

Does Akamai's logo appearing on the Let's Encrypt announcements change
Akamai's need for OE? (Seems *really* weird if not.)

On Wed, Nov 19, 2014 at 3:46 AM, Robert O'Callahan <rob...@ocallahan.org> wrote:
> Given Richard Barnes is listed as the editor of Let's Encrypt's ACME spec (
> https://github.com/letsencrypt/acme-spec/blob/master/draft-barnes-acme.md)
> and has also been advocating HTTP+OE ...

So what are the remaining use cases?

HTTP+OE requires you to have TLS set up on the server. Let's Encrypt
is about to take away the argument "boohoo certs are too expensive and
hard to get". AFAICT, the arguments that remain are:
 1) Home routers or NAS boxes don't have a DNS name, so they can't get
a publicly trusted cert.
 2) Making sure the right keys are on the right servers at the right
time is too hard.
 3) It's too hard to change old content with third-party includes not
to get broken by the mixed content blocker.

For case #1, you want https+TOFU--not http+OE. I think we should make
the self-signed cert warning different (more situation-appropriate)
for RFC 1918 addresses (192.168...., etc.).

Argument #2 seems silly: If you have enough servers for it to be a
problem, you should have the staff/tools/knowhow to solve it.

As for argument #3, getting the Web encrypted in an authenticated
manner seems so important that it seems reasonable to tell admins of
sites with legacy content that if they want to get HTTP/2 speed, they
need to revise those old includes.

-- 
Henri Sivonen
hsivo...@hsivonen.fi
https://hsivonen.fi/
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
