
Adam Langley IETF 90 - July 2014

The document discusses how HTTP/2 and proxies can be implemented. It notes that in the beginning, SPDY had three options for running: 1) on a different port, 2) over HTTP with an Upgrade header, or 3) over TLS. Testing from 2009 showed that running over TLS was the most popular option, with 86-95% of users choosing it. The document states that the popularity of HTTPS and encryption has helped prevent firewalls and middleware from disrupting communication over port 443. It argues that end-to-end encryption is important and acts as the strongest guardian for the end-to-end principle on the internet.

HTTP/2 and Proxies

Adam Langley <[email protected]>


IETF 90 - July 2014

In the beginning, SPDY had three options
1. Run on a different port - 86%
2. Run over HTTP with an Upgrade header or other signaling - 67%
3. Run over TLS - 95%
(Tests run for WebSockets deployment, 2009)
(Data from WebSockets experiments, 2009)

Although not the original intent, the cryptography and popularity of HTTPS stopped the rising miasma of firewalls and network middleware from destroying port 443.

The end-to-end principle is important, and cryptography is its strongest guardian.

Plaintext is no longer reasonable.

End-to-end security is important, and cryptography is its strongest guardian.
We cannot build a sane Internet without end-to-end cryptography.

User-consent is a failure from the 90s
We are certainly not looking to make our security UI more complex.
We are still paying off the debts of things like the ability to bypass an SSL interstitial.
Chrome's SSL interstitials are bypassed ~70% of the time at the moment.

This means that filtering has to be done at the client.
