- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Thu, 30 Oct 2014 14:30:23 +1300
- To: ietf-http-wg@w3.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 30/10/2014 12:11 p.m., Nicholas Hurley wrote: > > +1 on everything Patrick has said. Removing 9.2.2 just brings us > back to the same old (pretty nasty) TLS situation we have now, and > just because it might be hard doesn't mean we shouldn't do the > right thing in pushing the bar higher. Things are not quite _that_ bad. SSL/*, TLS/1.0 and TLS/1.1 are prohibited for use with HTTP/2. Which is still a large step forward in security. Quest for perfection killing the benefit was what 9.2.2 did. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUUZSvAAoJELJo5wb/XPRjQVAH/2h3Z4y+0YUg9HWvAEnvnRTF a1mbv+6TDKMFdn9dKgLmeMzayJ4L/xj0Z/QrdZ4gQjFAf+rIQHZyDXPSpQs0JoWe /xzhUSlsV+C+VZlUU21BNm87AbWkJ4aqEjNjJ2R3Wv6PCkOnm886Ki3QzWHZIYAS iF8LAwjNDSbUkg83JIfPJE7u7D4UiWWvqUm5zMmoTJlkg0Ebh0mj/AQ7AnGwKbzH e5HDCxVEtlBQImXP0YvNVJEO2UopdVzylIfljZSeeB7NCyEcrMoYWETAblHaorVv wo6ENjowle7j+Sc5A1wgFN3lLm00o/3QPCxv9iq04iPtmR0C+O4tEEhJy3l6XbY= =vIL0 -----END PGP SIGNATURE-----
Received on Thursday, 30 October 2014 01:31:02 UTC