- From: Mike Belshe <mike@belshe.com>
- Date: Tue, 17 Jul 2012 21:24:09 -0700
- To: grahame@healthintersections.com.au
- Cc: "Adrien W. de Croy" <adrien@qbik.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Received on Wednesday, 18 July 2012 04:24:37 UTC
On Tue, Jul 17, 2012 at 9:20 PM, Grahame Grieve <grahame@kestral.com.au>wrote: > > Can you enumerate these? For debugging, of course it makes sense for > > endpoints to have unencrypted modes. > > oh? but it was going to be mandatory. Except when it's not? which is it? > If it's mandatory by policy, but not technically actually required, > then... well.. > I think I know how that will turn out. > Naw - this is not a big deal. For instance, a server can send a NULL cipher to the client. In normal modes, browsers will reject the NULL cipher and not negotiate it. however, you can use command line flags to allow it. We do this all the time. Another example is for turning on same-origin-policy. Browsers often have debugging modes for turning it off. You have to run the browser in a special, techie, opt-in way to do it, but it is there. I used these all the time when developing in Chrome. Mike > > Grahame >
Received on Wednesday, 18 July 2012 04:24:37 UTC