Re: Updated 9.2 from Greg Wilkins on 2014-10-11 (ietf-http-wg@w3.org from October to December 2014)

From: Greg Wilkins <gregw@intalio.com>
Date: Sun, 12 Oct 2014 09:16:14 +1100
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAH_y2NHkmvvoomn9toVhX1AgX=Jv3hKft46FM27K42yO7ficsQ@mail.gmail.com>

On 11 October 2014 19:53, Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
wrote:

> AFAIK, 9.2.2 with proposed modifications plus server operating on
> blacklist instead of whitelist is not fragile.

So long as the client uses a whitelist and so long as the server operates on
a black list and so long as the server can actually influence cipher
selection
and so long as it bans any cipher matching the 3 patterns you provided
and so long as cipher names never differ from those patterns and so long as
no additional patterns are configured.

I think you just defined fragile.

regards

-- 
Greg Wilkins <gregw@intalio.com>  @  Webtide - *an Intalio subsidiary*
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.

Received on Saturday, 11 October 2014 22:16:43 UTC