On 11/18/2013 09:13 AM, Learmonth, Iain Ross wrote:
>
>> Other foo/tls protocols will also soon have a separate venue [3]
>> and we have a TLS working group. So I see little left to discuss
>> about TLS on this list to be honest.
>
>> [3] https://datatracker.ietf.org/doc/charter-ietf-uta/
>
> I agree that the HTTP/TLS discussion should be moved to the uta (Using TLS in
> Applications) mailing list, when one exists, with regard to authentication.
> It protects far more against active attacks and this list is about preventing
> passive mass monitoring being useful.
>
> I think that the discussion relating to the use of TLS for encryption, its
> effect on proxies and CDNs, and the fact that CDNs are a privacy issue still
> need discussion here and are relevant to this list.

Well, please bear in mind that httpbis are having a HUGE discussion
(~100 mails/day) on exactly this for HTTP/2.0 which is raging now, so
let's at least punt the discussion here for a few weeks until the
immediate work in httpbis settles down. Or dive in there [1], seems
like everyone else is doing that already ;-)

Pretty please?

S.

[1] http://tools.ietf.org/wg/httpbis/

> The main question: are there times when we would ever want HTTP traffic to
> not be encrypted?
> The secondary question is: how can the trust model for CDNs be improved? I
> don't believe that third-party CDNs that do caching and have access to
> private information are a good idea. Maybe we can come up with some best
> practices like only proxy static content but directly contact for dynamic
> content that could contain private information and declaring in the cert that
> you're contacting a CDN instead of the actual site? But then there are no
> guarantees that people are following them.
>
> Iain.
>
> _______________________________________________
> perpass mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/perpass
