Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Technical addendum to "http: Must Die!"

From: David Farber <dave () farber net>
Date: Tue, 11 Dec 2007 04:12:21 -0500


Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: December 11, 2007 12:55:45 AM EST
To: dave () farber net
Cc: lauren () vortex com
Subject: Technical addendum to "http: Must Die!"


Greetings.  Some early feedback to "http: Must Die!"
( http://lauren.vortex.com/archive/000338.html ) took me to task for
using the term "SSL" rather than "TLS" in conjunction with my call
for encryption.  OK, ya' got me, TLS is the correct term these days
for current systems.  I admit it, I'm sometimes guilty of referring
to both protocols as SSL in my non-technical, general Internet
audience writings.

Among the Internet user population at large the term SSL is still
more recognized, from a functional standpoint both SSL and TLS are
extremely similar, and they both are intertwined historically.
However, I'm properly chastised, have changed the occurrences of SSL
to TLS above in the main posting, and will avoid this lapse in the
future.

Secondly, it's been noted that a significant holdup to https:
implementations in some key environments has been the traditional
requirement for a separate IP address when using SSL/TLS, rendering
server virtual hosts unusable.

However, RFCs 2817 ( http://www.ietf.org/rfc/rfc2817.txt )
and 3546 ( http://www.ietf.org/rfc/rfc3546.txt ) address this issue
via suitable extensions, and various relevant implementations already
exist, though there's more work to do.

I didn't say that a transition to a fully encrypted Web environment
could happen overnight.  But all of the basic foundational pieces
that we need to do so -- with suitable effort -- are already pretty
much in place.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
  - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
  - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com


-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: