[Cryptography] [cryptography] STARTTLS for HTTP

Salz, Rich rsalz at akamai.com
Thu Aug 21 10:14:05 EDT 2014


> It would be secure against wifi eavesdropping. But worse it might instill a false sense of security.

Well, maybe.  The "rules" say that you don't treat HTTP over TLS as if it were HTTPS.  It's unauthenticated. And the end-user isn't really supposed to be led into thinking that the user-agent is making things secure.  The rules for handling cookies, for example, don't let them become "secure cookies" just because they were fetched over an encrypted link.

It's a hard concept to wrap your head around unless you're a hardcore HTTP geek.  You have to think about what the HTTP/2 spec says, carefully. It's an implementor's document, not an end-user document.

So what will happen?  Hard to say.  Firefox has said they're going to use HTTP over TLS because they want as much encryption as possible. Chrome has said they will not do it because they want as much authenticated encryption as possible. IE has said no, but seems to be thinking about yes. I haven't heard what Opera's said, if anything. And Safari is, as usual for Apple, keeping things to themselves.

It's definitely in a state of flux. And trying to guess what the browsers will do is very much the n-body problem, because they all affect each other as they all compete for market share.

	/r$

--  
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rsalz at jabber.me Twitter: RichSalz
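The cookie rule in the message above (an encrypted but unauthenticated HTTP/2 connection does not turn cookies into "secure cookies"), modelled as an added example that is not part of the original mail. The Connection class and the cookie jar are constructed for this illustration; the only real API used is the standard library's http.cookies parser.

```python
from dataclasses import dataclass, field
from http.cookies import SimpleCookie


@dataclass(frozen=True)
class Connection:
    """Hypothetical summary of how a user agent reached an origin (constructed)."""
    scheme: str          # scheme of the URI the user navigated to: "http" or "https"
    encrypted: bool      # TLS is in use on the wire
    authenticated: bool  # server certificate was validated for the host name

    def is_secure_channel(self) -> bool:
        # Opportunistic encryption (http:// URI, TLS on the wire, no certificate
        # validation) is still an http:// origin, so it is NOT a secure channel.
        return self.scheme == "https" and self.encrypted and self.authenticated


@dataclass
class CookieJar:
    # name -> (value, secure_flag); a toy jar with no domain/path handling
    stored: dict = field(default_factory=dict)

    def store(self, conn: Connection, set_cookie: str) -> None:
        """Process a Set-Cookie header received over `conn`."""
        parsed = SimpleCookie()
        parsed.load(set_cookie)
        for name, morsel in parsed.items():
            wants_secure = bool(morsel["secure"])
            # Assumption of this example (matches current browser practice): a
            # Secure cookie set over a non-secure channel is dropped, not stored.
            if wants_secure and not conn.is_secure_channel():
                continue
            # Cookies without the Secure attribute are ordinary cookies, even if
            # they happened to arrive over an encrypted (but unauthenticated) link.
            self.stored[name] = (morsel.value, wants_secure)

    def cookies_for(self, conn: Connection) -> dict:
        """Cookies the agent would send on a request over `conn`."""
        return {n: v for n, (v, secure) in self.stored.items()
                if not secure or conn.is_secure_channel()}


PLAINTEXT = Connection("http", encrypted=False, authenticated=False)
OPPORTUNISTIC = Connection("http", encrypted=True, authenticated=False)
AUTHENTICATED_HTTPS = Connection("https", encrypted=True, authenticated=True)
```

Storing `pref=dark` over OPPORTUNISTIC and then querying `cookies_for(PLAINTEXT)` shows the cookie still goes out in the clear: the encrypted hop bought nothing for that cookie's later handling.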