W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

From: Roy T. Fielding <fielding@gbiv.com>
Date: Thu, 18 Sep 2014 08:41:59 -0700
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <C76D7E6B-06BA-4FF1-B0AF-804AC118A38E@gbiv.com>
To: Greg Wilkins <gregw@intalio.com>
I still don't believe that any of these requirements belong in h2,
and I won't implement them even if they end up in the RFC.  It is
not the HTTP server's responsibility to second-guess the configuration
regarding the security properties of the underlying connections.
We have no idea what hardware or gateways might be doing to secure those
connections.  We don't even know what TLS library is being used,
since all we see is an API into someone else's code.

TLS requirements belong in the TLS code.

....Roy
Received on Thursday, 18 September 2014 15:42:14 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:38 UTC