[Cryptography] "Re: [cryptography] STARTTLS for HTTP"

Ryan Carboni ryacko at gmail.com
Sat Aug 23 13:32:42 EDT 2014 

On Thu, Aug 21, 2014 at 7:14 AM, Salz, Rich <rsalz at akamai.com> wrote:

> > It would be secure against wifi eavesdropping. But worse it might
> instill a false sense of security. > > Well, maybe.  The "rules" say
that you don't treat HTTP over TLS as if it > were HTTPS.  It's
unauthenticated. And the end-user isn't really supposed > to be led
into thinking that the user-agent is making things secure.  The >
rules for handling cookies, for example, don't let them become "secure
> cookies" just because they were fetched over an encrypted link. > >
It's a hard concept to wrap your head around unless you're a hardcore
HTTP > geek.  You have to think about what the HTTP/2 spec says,
carefully. It's > an implementor's document, not an end-user document.
> > So what will happen?  Hard to say.  Firefox has said they're going
to use > HTTP over TLS because they want as much encryption as
possible. Chrome has > said they will not do it because they want as
much authenticated encryption > as possible. IE has said no, but seems
to be thinking about yes. I haven't > heard what Opera's said, if
anything. And Safari is, as usual for Apple, > keeping things to
themselves. > > It's definitely in a state of flux. And trying to
guess what the browsers > will do is very much the n-body problem,
because they all affect each other > as they call compete for market
share. > >         /r$ > > -- > Principal Security Engineer > Akamai
Technologies, Cambridge MA > IM: rsalz at jabber.me Twitter: RichSalz > >
<div dir="ltr"><div><div>Firefox users are probably going to keep
using Firefox.<br>Chrome users are probably going to keep using
Chrome.<br></div><div>Opera users use Opera because of it's nice
little features.<br></div>

Firefox users are probably going to keep using Firefox. Chrome users
are probably going to keep using Chrome. Opera users use Opera because
of it's nice little features. IE users are likely using a pirated
version of Windows and live in China.
https://en.wikipedia.org/wiki/Brand_loyalty The marginal difference
between Firefox and Chrome, beyond Chrome's sandbox, isn't
particularly great.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140823/206558ae/attachment.html>

More information about the cryptography mailing list