Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem from Roy T. Fielding on 2014-09-18 (ietf-http-wg@w3.org from July to September 2014)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Thu, 18 Sep 2014 10:56:41 -0700
To: Simone Bordet <simone.bordet@gmail.com>
Cc: Greg Wilkins <gregw@intalio.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <B9D3F14A-C300-4AB7-B140-41E86CFCB24F@gbiv.com>

On Sep 18, 2014, at 9:33 AM, Simone Bordet wrote:
> On Thu, Sep 18, 2014 at 5:41 PM, Roy T. Fielding <fielding@gbiv.com> wrote:
>> I still don't believe that any of these requirements belong in h2,
>> and I won't implement them even if they end up in the RFC.
> 
> As much as I would like to have 9.2.2 reworded to delegate to the TLS
> spec, not implementing it on servers while all major browsers
> implements it will result in a closed connection, no fallback and an
> empty white page.

No, it will just be left to the administrator to configure the right ciphers.
Doing that inside an application protocol is insane.

....Roy

Received on Thursday, 18 September 2014 17:57:05 UTC