- From: Nicholas Hurley <hurley@todesschaf.org>
- Date: Thu, 17 Jul 2014 11:18:33 -0700
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Received on Thursday, 17 July 2014 18:19:01 UTC
On Wed, Jul 16, 2014 at 5:01 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > In consultation with ekr, I've put together a proposal for addressing > #498, listing mandatory to implement cipher suites. > > The text is short: > > + Implementations MUST support TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 > + <xref target="TLS12"/> and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 > + <xref target="TLS-ECDHE"/> with P256 <xref target="FIPS186"/>. > > -- https://github.com/http2/http2-spec/pull/562 > > The reason I'm posting is to confirm that adding what is called a > "downref" is OK with this group. > > A "downref" is a normative reference to a non-standard document, in > this case, an RFC that is in the Informational category [RFC5289]. > This is allowed in the IETF process, but it requires that the choice > be made quite explicit. Read RFC 3967 if you want all the gory > details. > > Note that the TLS working group is currently debating whether or not > to put the relevant ECC RFCs on the standards track, which could make > this question moot. > > If you want to debate the merits of the particular choices, I'd > request that you start another thread for that purpose. I only want > to track the procedural issue here. > > I'm 100% fine with this downref. -- Peace, -Nick
Received on Thursday, 17 July 2014 18:19:01 UTC