W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

From: Stuart Douglas <stuart.w.douglas@gmail.com>
Date: Fri, 19 Sep 2014 10:57:21 +1000
Message-ID: <541B7F71.8090109@gmail.com>
To: "Roy T. Fielding" <fielding@gbiv.com>
CC: Greg Wilkins <gregw@intalio.com>, HTTP Working Group <ietf-http-wg@w3.org>
I also think that this should not be in the HTTP2 spec, and looking the 
WG's HTTP2 charter I think that is explicitly listed as being out of scope:

Explicitly out-of-scope items include:
* Specifying the use of alternate transport-layer protocols. Note that 
it is expected that the Working Group will work with the TLS working 
group to define how the protocol is used with the TLS Protocol; any 
revisions to RFC 2818 will be done in the TLS working group.


Roy T. Fielding wrote:
> I still don't believe that any of these requirements belong in h2,
> and I won't implement them even if they end up in the RFC.  It is
> not the HTTP server's responsibility to second-guess the configuration
> regarding the security properties of the underlying connections.
> We have no idea what hardware or gateways might be doing to secure those
> connections.  We don't even know what TLS library is being used,
> since all we see is an API into someone else's code.
> TLS requirements belong in the TLS code.
> ....Roy
Received on Friday, 19 September 2014 00:57:56 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC