- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 23 Sep 2014 02:16:24 -0700
- To: Mark Nottingham <mnot@mnot.net>
- Cc: Greg Wilkins <gregw@intalio.com>, Eric Rescorla <ekr@rtfm.com>, Jason Greene <jason.greene@redhat.com>, Patrick McManus <pmcmanus@mozilla.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 22 September 2014 15:55, Mark Nottingham <mnot@mnot.net> wrote: > One thing that I’ve heard is requiring clients to offer the “good” suites first, to promote interop. Does anyone see a downside to doing that? It would definitely solve Greg's issue with Java <= 7. The only case where this wouldn't work is where clients are unable to alter the priority order of cipher suites. I don't know if any of those exist; I haven't met one yet, though I anticipate an introduction shortly... The worst failure mode here results in a fallback - once you discover that the server supports HTTP/2, you can kill off the bad suites and try again. That seems to be the only concrete technical concern I've seen raised in the discussion. I think that Eric has addressed most of the process concerns.
Received on Tuesday, 23 September 2014 09:16:56 UTC