- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Wed, 16 Jul 2014 17:01:36 -0700
- To: HTTP Working Group <ietf-http-wg@w3.org>
In consultation with ekr, I've put together a proposal for addressing #498, listing mandatory to implement cipher suites. The text is short: + Implementations MUST support TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 + <xref target="TLS12"/> and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + <xref target="TLS-ECDHE"/> with P256 <xref target="FIPS186"/>. -- https://github.com/http2/http2-spec/pull/562 The reason I'm posting is to confirm that adding what is called a "downref" is OK with this group. A "downref" is a normative reference to a non-standard document, in this case, an RFC that is in the Informational category [RFC5289]. This is allowed in the IETF process, but it requires that the choice be made quite explicit. Read RFC 3967 if you want all the gory details. Note that the TLS working group is currently debating whether or not to put the relevant ECC RFCs on the standards track, which could make this question moot. If you want to debate the merits of the particular choices, I'd request that you start another thread for that purpose. I only want to track the procedural issue here.
Received on Thursday, 17 July 2014 00:02:04 UTC