Re: null ciphers in 9.2.2 from Greg Wilkins on 2014-10-01 (ietf-http-wg@w3.org from October to December 2014)

From: Greg Wilkins <gregw@intalio.com>
Date: Wed, 1 Oct 2014 10:10:12 +1000
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "FOSSATI, Thomas (Thomas)" <thomas.fossati@alcatel-lucent.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAH_y2NGuq+zn-6tPOX+xBH-30kC8ugjwh1-aFnzQ-kYvq=70tg@mail.gmail.com>

Great, so we copy/paste TLS1.3 requirements into our draft.  That makes us
good for how many decades?  When HTTP/1.1 was specified TLS was at version
1.0.  If it had hard coded TLS1.1 requirements then we would not be running
h1 over TLS1.2 today.

I am not saying that these are not good restrictions to have on the
majority use-case for h2.  I'm just saying that they are restrictions that
are being developed elsewhere and we have no need to become the enforcer of
them, nor do they generally apply to all our current and future possible
use-cases.

Received on Wednesday, 1 October 2014 00:10:40 UTC