W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Stricter TLS Usage in HTTP/2

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 22 May 2014 13:22:15 -0700
Message-ID: <CABkgnnV+bMd11uHyhzpQrBqu9rxJtFiTTmJ-Hg5Jnnh+G9Bu2w@mail.gmail.com>
To: William Chan (陈智昌) <willchan@chromium.org>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Adam Langley <agl@google.com>, Andrei Popov <andrei.popov@microsoft.com>
On 22 May 2014 12:58, William Chan (陈智昌) <willchan@chromium.org> wrote:

> agl@ thought it'd be nice if we could change the spec [to be AEAD only].
> Is this controversial? Can we change the spec's guidance here to be more
> strict?
>

Andrei, can you comment on the availability of AEAD ciphers in schannel?
[1] shows them as only being available with ECDSA certificates.

One data point that might be relevant to this discussion is that TLS 1.3
*only* supports AEAD modes.  But this proposal seems to go a little further
than that by selecting a very narrow set of acceptable suites.

--Martin

[1]
http://msdn.microsoft.com/en-us/library/windows/desktop/aa374757%28v=vs.85%29.aspx
Received on Thursday, 22 May 2014 20:22:43 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC