Re: HTTP/2 and Websockets from Ilari Liusvaara on 2014-09-29 (ietf-http-wg@w3.org from July to September 2014)

From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Date: Tue, 30 Sep 2014 02:07:21 +0300
To: Robert Collins <robertc@robertcollins.net>
Cc: Yutaka Hirano <yhirano@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20140929230721.GA2165@LK-Perkele-VII>

On Tue, Sep 30, 2014 at 10:46:08AM +1300, Robert Collins wrote:
> 
> 7
> I'm not aware of any equivalent to the masking in HTTP/2, and there is
> no discussion of BEAST in the HTTP/2 spec: if we're delegating to
> HTTP/2 to solve those issues, I think we need to talk about that now
> :)
> 

HTTP/2 uses TLS 1.2, which is not vulernable to BEAST (it was fixed
in 1.1).


-Ilari

Received on Monday, 29 September 2014 23:07:56 UTC