- From: Jason Greene <jason.greene@redhat.com>
- Date: Wed, 8 Oct 2014 14:23:15 -0500
- To: Brian Smith <brian@briansmith.org>
- Cc: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, Patrick McManus <pmcmanus@mozilla.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Oct 8, 2014, at 11:37 AM, Brian Smith <brian@briansmith.org> wrote: > >> - It is confusing, especially some of the examples confuse instead of clarify >> (the mentions of AEAD and AES-GCM are the worst[3]). And getting these >> things wrong causes interop problems. > > I agree that the attempts to clarify in 9.2.2 that AEAD cipher suites > and AES-GCM are acceptable seem to be having the > opposite-from-intended effect on clarifying things. > >> - It wrongly assumes DHE and ECDHE are the only PFS key exchanges. > > Do you have a suggestion for improving that? Yes, require TLS 1.3, or alternatively a revision to TLS 1.2 that introduces a 3, 4 version, and 1.3 becomes 3, 5 :) -- Jason T. Greene WildFly Lead / JBoss EAP Platform Architect JBoss, a division of Red Hat
Received on Wednesday, 8 October 2014 19:23:56 UTC