- From: Roland Zink <roland@zinks.de>
- Date: Mon, 03 Nov 2014 11:44:21 +0100
- To: ietf-http-wg@w3.org
On 03.11.2014 01:03, Mark Nottingham wrote: > Michael, > >> On 2 Nov 2014, at 1:55 pm, Michael Sweet <msweet@apple.com> wrote: >> >> Also, based on the traffic on the TLS WG list, it looks like TLS/1.3 will still include cipher suites that are not allowed by the current HTTP/2 text, but are otherwise considered "secure". And thanks to the current wording, they will be valid when TLS/1.3 is negotiated but not TLS/1.2. (think of the interop issues there!) > See the current proposal, which makes the requirements specific to TLS 1.2: > https://github.com/http2/http2-spec/pull/615 > Wouldn't this be confusing? A cipher is allowed with TLS 1.2, but not with TLS 1.2 together with h2. But if h2 is used together with TLS 1.3 it is allowed again. > > — > Mark Nottingham http://www.mnot.net/ > Roland
Received on Monday, 3 November 2014 10:44:44 UTC