W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 19 Sep 2014 20:19:41 +1200
Message-ID: <541BE71D.4000506@treenet.co.nz>
To: ietf-http-wg@w3.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 19/09/2014 6:29 p.m., Cory Benfield wrote:
> On 19 September 2014 07:08, Willy Tarreau wrote:
>> I disagree hre, only the admin knows in what context agents are
>> deployed and what security level is acceptable/accepted. Browser
>> vendors have no idea what usage is made from their product. If
>> I'm using your browser to retrieve photos from my low-level
>> weather satellite in space for whom it's extremely expensive to
>> use higher crypto, it's *my* problem. And if I set up an
>> emergency server to cut the power in a datacenter using a 4096
>> bit key and a cipher that is not supported by 9.2.2 because I
>> feel it's more secure than what is currently required, it's my
>> decision as well.
> 
> This is a good point. As it turns out I'm covered because I will
> have a switch that says "please stop bugging me about ciphers".

If some middleware is "the client" obeying HTTP/2 and rejecting all
communication due to 9.2.2 that switch has no relevance.

Amos

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUG+cdAAoJELJo5wb/XPRjN/wH/01ixoWHCUu5fymPtiZDN3Nx
+lquH44IPvySkKILPwc2Pqj4HLT+qATM3SSVcC4CzYQaGRgfruBOQqNjP7NyJWzy
3PxmtJPakbO4XCSsYo77augWjPCJ8tSUIWupsm8rDYLsMM2HlYDe/a+4M8cFa9ob
SDuQbRFrJdf3MhX8PW8Wn+6FRfMJTjz90S9zBf9oPFfWNE65FfzVWqjWJFCFqYVY
AqtzYvC0pj4asYez4lKgvMGa+5Moy3Nr8AH5hmE3c8eMGt1WMmO+8wc7dyR7q2sy
qEUiTVSXx6hcOV0hQPbnQffuAXCFmkwxDWGbNQo3Ks/a/V7nnpSGkiF0ipPEcek=
=KDDY
-----END PGP SIGNATURE-----
Received on Friday, 19 September 2014 08:20:30 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC