W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: Stricter TLS Usage in HTTP/2

From: Patrick McManus <pmcmanus@mozilla.com>
Date: Wed, 4 Jun 2014 11:52:31 -0400
Message-ID: <CAOdDvNqp_Vbq8r7_RufTef=11K41SKwb5q8t8AyKkkUV3b8qRg@mail.gmail.com>
To: "Richard Wheeldon (rwheeldo)" <rwheeldo@cisco.com>
Cc: Yoav Nir <ynir.ietf@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, William Chan (ι™ˆζ™Ίζ˜Œ) <willchan@chromium.org>, HTTP Working Group <ietf-http-wg@w3.org>, Adam Langley <agl@google.com>
On Wed, Jun 4, 2014 at 11:42 AM, Richard Wheeldon (rwheeldo) <
rwheeldo@cisco.com> wrote:

> From: patrick.ducksong@gmail.com [mailto:patrick.ducksong@gmail.com] On
> Behalf Of Patrick McManus
>  > making the chosen ciphersuite depend on the version of HTTP selected is
> already a requirement of HTTP2. The proposal here is about a change to that
> criteria. Section 9.2
>
> Do we want to revisit that?


perhaps to make it stronger :)


> Personally, I feel that mandating stronger cipher suites makes a lot of
> sense but there're a couple of caveats:
> - I'm not sure how this plays with opportunistic TLS
>

we've implemented both the alt-svc and encryption drafts and enforce the
requirements of 9.2 and have not found this to be a problem.
Received on Wednesday, 4 June 2014 15:52:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC