- From: Roland Zink <roland@zinks.de>
- Date: Wed, 24 Sep 2014 10:43:08 +0200
- To: ietf-http-wg@w3.org
On 24.09.2014 09:02, Eric Rescorla wrote: > I'm sorry, I'm not following this point. > > Say that someone invents some new cipher suite, X. It's either > acceptable for h2 or it's not [0]. The client then behaves as follows: > > - If it is acceptable for h2, the client offers it, since everything is > fine. > - If it's not acceptable for h2, the client offers it, secure in the > knowledge that a conformant server will (per 9.2.2) not negotiate > it for h2. > > As far as I can tell, either of these is fine. Do you disagree? > When h2 is upgraded to allow X (per 9.2.2X) then an old client offering X only for some other protocol will not work with a new h2 server as it will reject based on 9.2.2. So to allow X we would need h3. When you assume the h2 client just white lists the current set of AEAD ciphers then you not even can add a new AEAD cipher as the client may reject it for h2 even when offered in the list of supported ciphers. Roland
Received on Wednesday, 24 September 2014 08:43:34 UTC