- From: Albert Lunde <atlunde@panix.com>
- Date: Tue, 28 Oct 2014 12:13:17 -0500
- To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On 10/27/2014 8:42 PM, Dave Garrett wrote:
> It looks like HTTP/2 section 9.2.2 is on the chopping block, with little
> push-back thus far, so I'm going to ask the obvious question: what's
> going to replace it?
>
> There were a few people that suggested simply waiting for TLS 1.3 and
> requiring that instead of TLS 1.2 plus a series of hacks. Is it possible
> to fast-track TLS 1.3 from its current draft to standardization for
> HTTP/2, and move further TLS development to 1.4? This is the simplest
> solution and obsoletes almost all of section 9.2, not just 9.2.2.
It's feasible to take a server that supports TLS 1.2, and disable legacy
TLS ciphers that came from previous TLS/SSL versions.
This could satisfy the requirements of 9.2.2, and serve up HTTP 1.1 as
https too. But this is just server configuration rather than a special
handshake. It's a non-hack.
--
Albert Lunde albert-lunde@northwestern.edu
atlunde@panix.com (address for personal mail)
Received on Tuesday, 28 October 2014 17:13:40 UTC