- From: Cory Benfield <cory@lukasa.co.uk>
- Date: Fri, 15 Aug 2014 14:12:27 +0100
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 15 August 2014 13:34, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > > [long message snipped] > > To summ up: It doesn't matter that they can instantly see it is > "phony" TLS, they still have to work much harder to get at it. Before this email I had not grasped the value of Opp-Sec, and would not have implemented it. I am now swayed. I would happily go to bat for PHK's proposal of allowing Opp-Sec with 'whitened' cipher suite restrictions, and would implement it for both HTTP/2 and HTTP/1.1.
Received on Friday, 15 August 2014 13:13:00 UTC