- From: Eric J. Bowman <eric@bisonsystems.net>
- Date: Thu, 13 Nov 2014 20:02:37 -0700
- To: Yoav Nir <ynir.ietf@gmail.com>
- Cc: Greg Wilkins <gregw@intalio.com>, HTTP Working Group <ietf-http-wg@w3.org>
Yoav Nir <ynir.ietf@gmail.com> wrote: > > > I have to agree with Roy on this one. Inadequate vs. Inappropriate > > is a moot point; I'd never send either, vs. closing the connection. > > Assuming that receiving the error code generates a log, while RST-ing > the connection is chalked up to network glitch, it could provide > information to the administrator to somehow reconfigure the server to > make the logs go away. > Which would be a bad thing, how? I'm a server guy, so my gut instinct is that client-based bad outcomes are more worrisome. More bad-actor clients than servers, IMO, but I lack statistical backing. Feel free to enlighten me, because honestly, I get in over my head on the pros and cons of TLS_RSA_WITH_AES_128_GCM vs. TLS_RSA_WITH_AES_128_CBC_SHA and such. What I do (think I) know, is that these intricacies are best not exposed. Because the client can always close the connection and try again, without the whole world knowing why. Or maybe I'm smoking the wrong kind of cigarettes -- I do live in Colorado, you know... ;-) -Eric
Received on Friday, 14 November 2014 03:03:40 UTC