W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: null ciphers in 9.2.2

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 30 Sep 2014 09:45:20 -0700
Message-ID: <CABkgnnX89YAq3LNy4f_jKz28sT9GghS9OB6URkWjb0YNTLejZQ@mail.gmail.com>
To: "FOSSATI, Thomas (Thomas)" <thomas.fossati@alcatel-lucent.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 30 September 2014 02:22, FOSSATI, Thomas (Thomas)
<thomas.fossati@alcatel-lucent.com> wrote:
> A NULL cipher is a secure option if you just want authentication and integrity.

That is not the guarantee that the https:// scheme demands.  It also
requires confidentiality.
Received on Tuesday, 30 September 2014 16:45:48 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC