- From: Simone Bordet <simone.bordet@gmail.com>
- Date: Wed, 24 Sep 2014 11:23:22 +0200
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Eric Rescorla <ekr@rtfm.com>, Roland Zink <roland@zinks.de>, HTTP Working Group <ietf-http-wg@w3.org>
Hi, On Wed, Sep 24, 2014 at 11:14 AM, Martin Thomson <martin.thomson@gmail.com> wrote: > On 24 September 2014 02:08, Simone Bordet <simone.bordet@gmail.com> wrote: >> Old h2 clients that are dynamically linked to a new TLS implementation >> will have X but not know that is acceptable. > > Implementations shouldn't be enabling cipher suites that they don't understand. Not sure what you mean here. The new TLS implementation understands the cipher. Any other non-h2 protocol will make use of it even if they don't "understand it", because it's not their concern. We all know h1 will work with any future TLS specification and any future cipher. A polyglot client that can speak multiple protocols (e.g. h1, h2) cannot just disable ciphers globally only because one of those protocols has special needs, also considering the client has no idea what protocol will be chosen. Thanks ! -- Simone Bordet http://bordet.blogspot.com --- Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability, the implementation technique must be flawless. Victoria Livschitz
Received on Wednesday, 24 September 2014 09:23:50 UTC