Re: 9.2.2, Rough Consensus, and Working Code

> On Nov 5, 2014, at 11:15 PM, Greg Wilkins <gregw@intalio.com> wrote:
> 
> If we replace MUST with MAY, this makes the handshake fragility a much greater interoperability problem. If the server MAY respond with INADEQUATE_SECURITY, then it also MAY NOT. Jetty's deferral of cipher selection to the TLS layer will now be spec compliant and the failure to connect even though there were shared ciphers and protocols becomes a real problem today rather than a possible problem when faced with hypothetical future cipher names. This makes the handshake broken rather than fragile.
> 
> I know I sound like a scratched record - but we MUST have a robust handshake that does not rely on how we "think" ciphers will evolve.  

Hi Greg, can you take a look at the small proposal I sent a few days ago? I think it's closer to what you are looking for:
https://github.com/http2/http2-spec/pull/639/files

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat

Received on Thursday, 6 November 2014 05:27:16 UTC