- From: Michael Sweet <msweet@apple.com>
- Date: Fri, 26 Sep 2014 05:17:51 -0700
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
I think the lead-in paragraph (everything below only applies to TLS 1.2) is confusing when the first item after it then says "this isn't just limited to TLS 1.2". Since all of the others are now explicitly TLS 1.2 requirements you can probably drop that lead-in paragraph to avoid the confusion... And FWIW I still have no interoperable way to implement these restrictions in a client or server that supports both HTTP/1.1 and HTTP/2 with the current TLS libraries, so I'll have to use the sub-optimal negotiate-and-then-give-up-forcing-a-new-connection approach if I want to enforce the 9.2.2 cipher suite and minimum TLS version requirements. > On Sep 26, 2014, at 1:08 AM, Martin Thomson <martin.thomson@gmail.com> wrote: > > On 24 September 2014 12:17, Mark Nottingham <mnot@mnot.net> wrote: >> <http://http2.github.io/http2-spec/#rfc.section.9.2.2> > > I've updated my pull request on this subject. There are a few > editorial changes in the mix, but the commit log shows exactly what > changes are involved: > > https://github.com/http2/http2-spec/pull/615 > > I believe that these changes resolve the issues people have raised. > That is, other than the one which states we shouldn't have this > section at all. > _________________________________________________________ Michael Sweet, Senior Printing System Engineer, PWG Chair
Received on Friday, 26 September 2014 12:18:23 UTC