- From: Greg Wilkins <gregw@intalio.com>
- Date: Sat, 6 Sep 2014 16:36:34 +1000
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAH_y2NHrbH5Objwhq9E89QexhQtND4uOdy8q7OEckTCU17WqKg@mail.gmail.com>
On 6 September 2014 15:03, Martin Thomson <martin.thomson@gmail.com> wrote: > > Preferable is subjective. We've seen that demonstrated many times > where servers pick RC4 over better ciphers because ...well, I can only > speculate. > Exactly! Sometimes infrastructure that is out of your control does things according to the standards that you would rather they didn't. I don't see how requiring h2 capable servers to sulk in protest and only serve h1 is going to help? Just because browser vendors are unwilling to deprecate bad ciphers as it may affect their market share, you instead want servers to try to force change by withholding h2 services! It is a form of protest a-kin to holding your breath until you get your way! Nobody will notice the protest as the web will just work as it always has serving h1 over old ciphers. Victory for the status quo! So we end up stuck with ciphers that are > sort-of-bad-but-not-broken-enough-to-pull. Which sucks. > Sure that sucks, but I'm not sure it is our problem to fix. I want world peace too, but making that a requirement for using h2 is not going to help. <offtopic> It's not hard. ... You just need to know how to influence suite selection.... Do you want to break the web. Geeeeeeeeeeeeeeeeeeeeze you like to troll sometimes! I do know how to write code to pick something from a preference list.... I had realised that cipher selection has something to do with this conversation..... I spend all my free time in the WG in an effort to destroy web connectivity as we know it !) </offtopic> -- Greg Wilkins <gregw@intalio.com> http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
Received on Saturday, 6 September 2014 06:37:03 UTC