[cryptography] STARTTLS for HTTP

Tom Ritter tom at ritter.vg
Tue Aug 19 09:59:00 EDT 2014


On 18 August 2014 23:29, Tony Arcieri <bascule at gmail.com> wrote:
> Anyone know why this hasn't gained adoption?
>
> http://tools.ietf.org/html/rfc2817
>
> I've been watching various efforts at widespread opportunistic encryption,
> like TCPINC and STARTTLS in SMTP. It's made me wonder why it isn't used for
> HTTP.

What's the point?  Anything that speaks HTTP also speaks HTTPS, so
there's no need for the "If you support it, I have TLS available."
Just use any of the multitude of redirect mechanisms for your webserver to
kick people onto HTTPS.

> Opportunistic encryption could be completely transparent. We don't need any
> external facing UI changes for users (although perhaps plaintext HTTP on
> port 80 could show a broken lock). Instead, if the server and client
> mutually support it, TLS with an unauthenticated key exchange is used.

I didn't read the draft word for word, but I don't see anything in it
that indicates the client MUST NOT validate the server certificate or
MUST use anonymous ciphersuites.  Indeed it seems to say the opposite.

-tom
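The thread contrasts two ways a plaintext HTTP connection can end up on TLS: the RFC 2817 in-place "Upgrade: TLS/1.0" switch that Tony asks about, and the ordinary redirect-to-HTTPS that Tom recommends. The following is an added example (not code from either poster or from the mailing list) that parses a server's response to a plain HTTP request and reports which of the two mechanisms, if either, the server is using. The response texts are constructed samples, and the `classify` and `parse_response` names are the example's own; a practitioner auditing a fleet of web servers could feed real response heads through the same function.

```python
"""
Classify how a web server answers a plaintext HTTP request:
  - redirect-to-https         : 3xx with an https:// Location (Tom's approach)
  - rfc2817-upgrade           : 101 Switching Protocols with Upgrade: TLS/...
  - rfc2817-upgrade-required  : 426 Upgrade Required (server-initiated, RFC 2817 4.2)
  - plaintext                 : anything else, i.e. content served in the clear
All sample responses below are constructed for this example, not captured
from any real server.
"""
from urllib.parse import urlsplit

REDIRECT_STATUSES = (301, 302, 303, 307, 308)


def parse_response(raw: str):
    """Split a raw HTTP/1.x response head into (status_code, headers).

    Header names are lower-cased; a repeated header is joined with ', '
    as RFC 7230 allows.  Only the head (before the blank line) is read.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP status line: %r" % lines[0])
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = value if name not in headers else headers[name] + ", " + value
    return status, headers


def classify(raw: str, request_host: str) -> dict:
    """Return {'status', 'mechanism', 'same_host'} for one response head.

    request_host is the host the plaintext request was sent to; a redirect
    that moves the client to https on a *different* host is flagged so an
    auditor can look at it separately.
    """
    status, headers = parse_response(raw)
    result = {"status": status, "mechanism": "plaintext", "same_host": None}
    location = headers.get("location", "")
    upgrade = headers.get("upgrade", "")

    if status in REDIRECT_STATUSES and location:
        target = urlsplit(location)
        if target.scheme.lower() == "https":
            result["mechanism"] = "redirect-to-https"
            result["same_host"] = (target.hostname or "").lower() == request_host.lower()
        else:
            # A redirect that stays on http:// does not get the client onto TLS.
            result["mechanism"] = "redirect-plaintext"
    elif status == 101 and upgrade:
        # RFC 2817: server agrees to switch this very connection to TLS.
        tokens = [t.strip().lower() for t in upgrade.split(",")]
        if any(t.startswith("tls/") for t in tokens):
            result["mechanism"] = "rfc2817-upgrade"
    elif status == 426:
        # RFC 2817 section 4.2: server refuses to serve the resource in the clear.
        result["mechanism"] = "rfc2817-upgrade-required"
    return result


# Constructed sample responses (CRLF-terminated, as on the wire).
SAMPLE_REDIRECT = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://www.example.com/\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_UPGRADE = (
    "HTTP/1.1 101 Switching Protocols\r\n"
    "Upgrade: TLS/1.0, HTTP/1.1\r\n"
    "Connection: Upgrade\r\n\r\n"
)
SAMPLE_UPGRADE_REQUIRED = (
    "HTTP/1.1 426 Upgrade Required\r\n"
    "Upgrade: TLS/1.0, HTTP/1.1\r\n"
    "Connection: Upgrade\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_PLAIN = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for name, raw in [("redirect", SAMPLE_REDIRECT), ("upgrade", SAMPLE_UPGRADE),
                      ("upgrade-required", SAMPLE_UPGRADE_REQUIRED), ("plain", SAMPLE_PLAIN)]:
        print(name, classify(raw, "www.example.com"))
```

The classifier only looks at the response head, so it says nothing about whether the client then validates the certificate; that is the separate question Tom raises about the draft, and it has to be checked on the TLS side, not in HTTP.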
