W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: null ciphers in 9.2.2

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 30 Sep 2014 13:34:59 -0700
Message-ID: <CABkgnnWPwcpjLJ+=eJAJ6JYFXdJKZRC_waFxYR2SNAAgz-fRzA@mail.gmail.com>
To: "FOSSATI, Thomas (Thomas)" <thomas.fossati@alcatel-lucent.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 30 September 2014 13:25, FOSSATI, Thomas (Thomas)
<thomas.fossati@alcatel-lucent.com> wrote:
> true for https resources.  But I can't find any explicit reference to https in 9.2 (and subsections), therefore I was inferring that those requirements also apply to opp-sec use of TLS?

Would you like to make an argument for integrity-only for
opportunistic security?  I can't imagine any argument that I'd find
compelling, but am always willing to be surprised.
Received on Tuesday, 30 September 2014 20:35:26 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC