Re: impact of 9.2.2 changes and discussions on opportunistic encryption draft from Martin Thomson on 2014-11-03 (ietf-http-wg@w3.org from October to December 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 3 Nov 2014 12:01:36 -0800
To: Erik Nygren <erik@nygren.org>
Cc: Michaela LaVan <mlavan@google.com>, Robert Collins <robertc@robertcollins.net>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <CABkgnnWZBfvaYbVytkjekd7B59zhdeuU1nL-RiCVhRJrU+DQvA@mail.gmail.com>

On 31 October 2014 11:56, Erik Nygren <erik@nygren.org> wrote:
> If everyone sticks with #1 or #2 and only uses #3 for the HTTP-TLS case
> we're fine.

That's not an *if*, that's a *requirement*.  You can't have a
situation where both peers have different expectations regarding a
critical feature like authentication.

If -encryption fails to make that clear, let's work on that.

Received on Monday, 3 November 2014 20:02:06 UTC