
Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

From: Patrick McManus <mcmanus@ducksong.com>
Date: Fri, 5 Sep 2014 11:15:43 -0400
Message-ID: <CAOdDvNqT2xpFwtnSK+MrJ6BPC9FScXw-9s1BbZxkoMZ=UxK38g@mail.gmail.com>
To: Simone Bordet <simone.bordet@gmail.com>
Cc: Greg Wilkins <gregw@intalio.com>, Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>

On Fri, Sep 5, 2014 at 9:53 AM, Simone Bordet <simone.bordet@gmail.com> wrote:

> If tomorrow those ciphers are discovered flawed or better ones
> invented, why should the HTTP/2.0 specification be modified at all?

The intent of the existing text is to provide minimum requirements for use
of a new protocol. If new approaches become a best practice in the future
they can be used with h2 (without modifying the h2 definition) as I
understand it. I'm sure Martin would entertain changes to the text to help
make that clear. And sure, as time goes by we will have problems along the
lines of "X is now known insecure, do I need to keep accepting it for
backwards compatibility" - but we don't have to start by allowing
X=RC4-SHA1 on day one. This will help clear the decks of accumulated
cruft, which is worthwhile even if more cruft will inevitably arrive.
Received on Friday, 5 September 2014 15:16:11 UTC
