- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Fri, 19 Sep 2014 20:19:41 +1200
- To: ietf-http-wg@w3.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 19/09/2014 6:29 p.m., Cory Benfield wrote: > On 19 September 2014 07:08, Willy Tarreau wrote: >> I disagree hre, only the admin knows in what context agents are >> deployed and what security level is acceptable/accepted. Browser >> vendors have no idea what usage is made from their product. If >> I'm using your browser to retrieve photos from my low-level >> weather satellite in space for whom it's extremely expensive to >> use higher crypto, it's *my* problem. And if I set up an >> emergency server to cut the power in a datacenter using a 4096 >> bit key and a cipher that is not supported by 9.2.2 because I >> feel it's more secure than what is currently required, it's my >> decision as well. > > This is a good point. As it turns out I'm covered because I will > have a switch that says "please stop bugging me about ciphers". If some middleware is "the client" obeying HTTP/2 and rejecting all communication due to 9.2.2 that switch has no relevance. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUG+cdAAoJELJo5wb/XPRjN/wH/01ixoWHCUu5fymPtiZDN3Nx +lquH44IPvySkKILPwc2Pqj4HLT+qATM3SSVcC4CzYQaGRgfruBOQqNjP7NyJWzy 3PxmtJPakbO4XCSsYo77augWjPCJ8tSUIWupsm8rDYLsMM2HlYDe/a+4M8cFa9ob SDuQbRFrJdf3MhX8PW8Wn+6FRfMJTjz90S9zBf9oPFfWNE65FfzVWqjWJFCFqYVY AqtzYvC0pj4asYez4lKgvMGa+5Moy3Nr8AH5hmE3c8eMGt1WMmO+8wc7dyR7q2sy qEUiTVSXx6hcOV0hQPbnQffuAXCFmkwxDWGbNQo3Ks/a/V7nnpSGkiF0ipPEcek= =KDDY -----END PGP SIGNATURE-----
Received on Friday, 19 September 2014 08:20:30 UTC