Re: null ciphers in 9.2.2 from Martin Thomson on 2014-09-30 (ietf-http-wg@w3.org from July to September 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 30 Sep 2014 09:45:20 -0700
To: "FOSSATI, Thomas (Thomas)" <thomas.fossati@alcatel-lucent.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnX89YAq3LNy4f_jKz28sT9GghS9OB6URkWjb0YNTLejZQ@mail.gmail.com>

On 30 September 2014 02:22, FOSSATI, Thomas (Thomas)
<thomas.fossati@alcatel-lucent.com> wrote:
> A NULL cipher is a secure option if you just want authentication and integrity.

That is not the guarantee that the https:// scheme demands.  It also
requires confidentiality.

Received on Tuesday, 30 September 2014 16:45:48 UTC