[cryptography] STARTTLS for HTTP

Tom Ritter tom at ritter.vg
Tue Aug 19 09:59:00 EDT 2014

On 18 August 2014 23:29, Tony Arcieri <bascule at gmail.com> wrote:
> Anyone know why this hasn't gained adoption?
> http://tools.ietf.org/html/rfc2817
> I've been watching various efforts at widespread opportunistic encryption,
> like TCPINC and STARTTLS in SMTP. It's made me wonder why it isn't used for

What's the point?  Anything that speaks HTTP also speaks HTTPS, so
there's no need for the "If you support it, I have TLS available."
Just use any of multitude of redirect mechanisms for your webserver to
kick people onto HTTPS.

> Opportunistic encryption could be completely transparent. We don't need any
> external facing UI changes for users (although perhaps plaintext HTTP on
> port 80 could show a broken lock). Instead, if the server and client
> mutually support it, TLS with an unauthenticated key exchange is used.

I didn't read the draft word for word, but I don't see anything in it
that indicates the client MUST NOT validate the server certificate or
MUST use anonymous ciphersuites.  Indeed it seems to say the opposite.


More information about the cryptography mailing list