[cryptography] STARTTLS for HTTP

Florian Weimer fw at deneb.enyo.de
Sat Aug 30 06:08:28 EDT 2014

* Tom Ritter:

>> I've been watching various efforts at widespread opportunistic encryption,
>> like TCPINC and STARTTLS in SMTP. It's made me wonder why it isn't used for
>> HTTP.
> What's the point?  Anything that speaks HTTP also speaks HTTPS, so
> there's no need for the "If you support it, I have TLS available."
> Just use any of multitude of redirect mechanisms for your webserver to
> kick people onto HTTPS.

Some clients do not send SNI, so it's possible to send HTTP requests
to the right server, but not HTTPS requests.  You also have to go
through the hassle of obtaining and renewing certificates.  Here,
"you" means the person uploading content; the server operator isn't
supposed to get certificates without your explicit consent (and
without collecting an additional fee).

If basic encryption were purely a transport-layer matter (without
authentication and security against active attackers), server
operators could simply negotiate it with clients, just like they
assign customer domains to IP addresses as they see fit today.

