Re: null ciphers in 9.2.2 from Greg Wilkins on 2014-10-05 (ietf-http-wg@w3.org from October to December 2014)

From: Greg Wilkins <gregw@intalio.com>
Date: Mon, 6 Oct 2014 10:37:36 +1100
To: Mark Nottingham <mnot@mnot.net>
Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAH_y2NEJQU0Oix_O6FGBrrrkRHR5JT2Pbw6CXEzoAprr847B4g@mail.gmail.com>

On 6 October 2014 06:20, Mark Nottingham <mnot@mnot.net> wrote:

> Given that this thread was quickly hijacked to discuss other issues, and
> no one has actually given feedback on this, I think that’s a reasonable
> clarification.

I don't think it is fair to characterise my initial feedback to Martin's
enquiry as a hijack.  Specifically I noted that using null ciphers is a
debugging technique that will not be available if null ciphers are
prohibited.

The issue is that if we bake in restrictions for the main deployment mode
of the protocol, we are prohibiting niche deployments modes that may use
null, weak or unusual ciphers.

I think that is valid feedback to Martin's question.

regards

-- 
Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.

Received on Sunday, 5 October 2014 23:38:04 UTC