On Mon, Nov 18, 2013 at 6:46 AM, Stephen Farrell <[email protected]>wrote:
> > > On 11/18/2013 09:13 AM, Learmonth, Iain Ross wrote: > > > >> Other foo/tls protocols will also soon have a separate venue [3] > >> and we have a TLS working group. So I see little left to discuss > >> about TLS on this list to be honest. > > > >> [3] https://datatracker.ietf.org/doc/charter-ietf-uta/ > > > > I agree that the HTTP/TLS discussion should be moved to the uta (Using > TLS in Applications) mailing list, when one exists, with regard to > authentication. It protects far more against active attacks and this list > is about preventing passive mass monitoring being useful. > > > > I think that the discussion relating to the use of TLS for encryption, > its effect on proxies and CDNs, and the fact that CDNs are a privacy issue > still need discussion here and are relevant to this list. > > Well, please bear in mind that httpbis are have a HUGE discussion > (~100 mails/day) on exactly this for HTTP/2.0 which is raging now, > so let's at least punt the discussion here for a few weeks until > the immediate work in httpbis settles down. Or dive in there [1], > seems like everyone else is doing that already;-) > Its a lot more than 100 a day. There are close to 100 in a thread you started last night. And that is the weekend. All the chatter about confidentiality and nobody is interested in fixing the massive hole in the use of cookies for authentication. And they can't even see the connection between the two. -- Website: http://hallambaker.com/
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
