W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

From: Patrick McManus <mcmanus@ducksong.com>
Date: Fri, 5 Sep 2014 08:05:03 -0400
Message-ID: <CAOdDvNpK2UkdktP1yFLUuNPhGuMYTJEsHsGuH_cwZPmxy3-Dfw@mail.gmail.com>
To: Greg Wilkins <gregw@intalio.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Fri, Sep 5, 2014 at 6:56 AM, Greg Wilkins <gregw@intalio.com> wrote:

>
>
> If the ciphers are inadequate for h2, then why aren't they inadequate for
> http/1, spdy and
> other protocols the ALPN might list?
>

they might well be inadequate for all those protocols, but we accept them
for the sake of backwards compatibility. (basically the same reason we
accept http:// urls at all).

h2 is an opportunity to update to current best practice. If you design a
pure h2 service you can be more confident in its security properties.
Received on Friday, 5 September 2014 12:05:32 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC