W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

From: Patrick McManus <mcmanus@ducksong.com>
Date: Fri, 5 Sep 2014 08:05:03 -0400
Message-ID: <CAOdDvNpK2UkdktP1yFLUuNPhGuMYTJEsHsGuH_cwZPmxy3-Dfw@mail.gmail.com>
To: Greg Wilkins <gregw@intalio.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Fri, Sep 5, 2014 at 6:56 AM, Greg Wilkins <gregw@intalio.com> wrote:

> If the ciphers are inadequate for h2, then why aren't they inadequate for
> http/1, spdy and
> other protocols the ALPN might list?

they might well be inadequate for all those protocols, but we accept them
for the sake of backwards compatibility. (basically the same reason we
accept http:// urls at all).

h2 is an opportunity to update to current best practice. If you design a
pure h2 service you can be more confident in its security properties.
Received on Friday, 5 September 2014 12:05:32 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC