mnot’s blog

Design depends largely on constraints.” — Charles Eames

Monday, 17 March 2014

Trying out TLS for HTTP:// URLs

The IETF now considers “pervasive monitoring” to be an attack. As Snowden points out, one of the more effective ways to combat it is to use encryption everywhere you can, and “opportunistic encryption” keeps on coming up as one way to help that. I was asked to introduce the session on this topic at the recent STRINT workshop. There was a lot of disagreement both about the terminology to use, as well as back-and-forth on whether it’s a good idea....

this entry’s page

Thursday, 30 January 2014

Nine Things to Expect from HTTP/2

HTTP/2 is getting close to being real, with lots of discussions and more implementations popping up every week. What does a new version of the Web’s protocol mean for you? Here are some early answers: 1. Same HTTP APIs Making HTTP/2 succeed means that it has to work with the existing Web. So, this effort is about getting the HTTP we know on the wire in a better way, not changing what the protocol means. This means HTTP/2 isn’t introducing...

this entry’s page

Saturday, 4 January 2014

Strengthening HTTP: A Personal View

Recently, one of the hottest topics in the Internet protocol community has been whether the newest version of the Web’s protocol, HTTP/2, will require, encourage or indeed say anything about the use of encryption in response to the pervasive monitoring attacks revealed to the world by Edward Snowden. Jari Arkko, the IETF Chair, has encouraged me to write some of my thoughts about this down, to explain to a wider audience how we got here and where it might lead....

this entry’s page (1 comment)

Sunday, 23 June 2013

Five Reasons to Considering Linking in Your HTTP APIs

There’s been a lot of interest in and effort expended upon “hypermedia APIs” recently. However, I see a fair amount of resistance to it from developers and ops folks, because the pragmatic benefits aren’t often clear.  This is as it should be, IMO; if you’re not able to describe concrete benefits without hand-waving about the “massive scale of the Web.” The trick, is that those benefits are often subtle and situational. A while back I talked about different types of...

this entry’s page (5 comments)

Friday, 21 June 2013

A Few Thoughts about PRISM

The NSA PRISM story broke while I was on the road; last week I was in Tokyo for W3C meetings, moving to San Francisco for a HTTP meeting and Velocity. As  a result, I’ve had a chance to see the reaction of a pretty good cross-section of the tech industry’s reaction. To generalise, I’d say it was condemnation, but not surprise. As many have written, there’s a strong streak of respect for privacy and individual rights in Silicon Valley, but...

this entry’s page

Creative Commons