Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

On 22 Sep 2014, at 3:05 pm, Greg Wilkins <gregw@intalio.com> wrote:
> 
> I think it is unworkable... but let's follow our charter to determine if it really is.  Our charter says that we should be coordinating the TLS working group and let's see if they are happy to insist that TLS police application protocol crypto requirements.

Greg, this was all done with deep involvement from the TLS WG; Eric was chair at the time, and now the document editor for 1.3.

There may be some mitigations we can introduce to make this easier for you. Dropping 9.2.2 isn’t on the table here — it’s been discussed for quite some time, with input from TLS and SECAREA, and has strong support.

One thing that I’ve heard is requiring clients to offer the “good” suites first, to promote interop. Does anyone see a downside to doing that?

The other is making all of 9.2.2 (and maybe 9.2.1) specific to TLS 1.2; i.e., to let TLS 1.3 and beyond control their own destiny.

Regards (and about to get on a plane),

--
Mark Nottingham   http://www.mnot.net/

Received on Monday, 22 September 2014 22:56:07 UTC