[cryptography] Fwd: Moving forward on improving HTTP's security

Paul Hoffman paul.hoffman at vpnc.org
Wed Nov 13 14:11:10 EST 2013


On Nov 13, 2013, at 10:40 AM, Greg <greg at kinostudios.com> wrote:

> If you haven't heard, the IETF is trying to move forward with "HTTP 2.0", which is, from what I can tell, simply "HTTPS all the time".

The latter is a mis-characterization. If you read the WG's mailing list, you will see that there are a variety of opinions on HTTPS, authenticated TLS vs. non-authenticated TLS, and so on. It is *way* too early to judge the IETF's direction (or severe lack thereof). I believe something will happen to cause lots more encryption of HTTP, but what this will be is still very unclear.

--Paul Hoffman


More information about the cryptography mailing list