W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Mandatory to implement cipher suites

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 16 Jul 2014 17:01:36 -0700
Message-ID: <CABkgnnXrwED4ok2zxmFgR7mWKpS3qjcbqs5XLj++4Phz_CgHnQ@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
In consultation with ekr, I've put together a proposal for addressing
#498, listing mandatory to implement cipher suites.

The text is short:

+ Implementations MUST support TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ <xref target="TLS12"/> and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ <xref target="TLS-ECDHE"/> with P256 <xref target="FIPS186"/>.

 -- https://github.com/http2/http2-spec/pull/562

The reason I'm posting is to confirm that adding what is called a
"downref" is OK with this group.

A "downref" is a normative reference to a non-standard document, in
this case, an RFC that is in the Informational category [RFC5289].
This is allowed in the IETF process, but it requires that the choice
be made quite explicit.  Read RFC 3967 if you want all the gory
details.

Note that the TLS working group is currently debating whether or not
to put the relevant ECC RFCs on the standards track, which could make
this question moot.

If you want to debate the merits of the particular choices, I'd
request that you start another thread for that purpose.  I only want
to track the procedural issue here.
Received on Thursday, 17 July 2014 00:02:04 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:09 UTC