- From: Simone Bordet <simone.bordet@gmail.com>
- Date: Fri, 5 Sep 2014 15:53:35 +0200
- To: Patrick McManus <mcmanus@ducksong.com>
- Cc: Greg Wilkins <gregw@intalio.com>, Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Hi, On Fri, Sep 5, 2014 at 2:05 PM, Patrick McManus <mcmanus@ducksong.com> wrote: > they might well be inadequate for all those protocols, but we accept them > for the sake of backwards compatibility. (basically the same reason we > accept http:// urls at all). > > h2 is an opportunity to update to current best practice. If you design a > pure h2 service you can be more confident in its security properties. But is not this concern orthogonal to HTTP/2.0 ? If tomorrow those ciphers are discovered flawed or better ones invented, why should the HTTP/2.0 specification be modified at all ? For the record, while it may be possible to do something in JDK 8 about preferred ciphers (did not try yet), it's not possible in JDK 7 because the relevant methods have been added only in JDK 8. Is this opportunity the only reason 9.2.2 is present in the HTTP/2.0 specification ? Thanks ! -- Simone Bordet http://bordet.blogspot.com --- Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability, the implementation technique must be flawless. Victoria Livschitz
Received on Friday, 5 September 2014 13:54:07 UTC