
Re: Updated 9.2

From: Greg Wilkins <gregw@intalio.com>
Date: Sun, 12 Oct 2014 09:16:14 +1100
Message-ID: <CAH_y2NHkmvvoomn9toVhX1AgX=Jv3hKft46FM27K42yO7ficsQ@mail.gmail.com>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>

On 11 October 2014 19:53, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote:

> AFAIK, 9.2.2 with proposed modifications plus server operating on
> blacklist instead of whitelist is not fragile.

So long as the client uses a whitelist and so long as the server operates on
a black list and so long as the server can actually influence cipher
and so long as it bans any cipher matching the 3 patterns you provided
and so long as cipher names never differ from those patterns and so long as
no additional patterns are configured.

I think you just defined fragile.


Greg Wilkins <gregw@intalio.com>  @  Webtide - *an Intalio subsidiary*
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.
Received on Saturday, 11 October 2014 22:16:43 UTC
