Martin,
Based on the TLS mailing list discussion, it sounds like there is serious consideration of keeping the PSK suites, which, as I understand it, do not support AEAD (but I am not a TLS expert, so I could easily be mistaken...).
Again, it makes perfect sense to require support for a known good cipher suite that will be in TLS 1.3 so that each endpoint is assured of being able to interoperate with the other using a known good cipher suite. It does not make sense to forbid other cipher suites to needlessly complicate interoperability with existing clients and servers and ensure a slow adoption of HTTP/2 because of the resulting confusion, problems, and slowdown.
> On Nov 3, 2014, at 3:23 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
>
> On 3 November 2014 02:56, Michael Sweet <msweet@apple.com> wrote:
>> That was my point - right now a cipher suite that is valid in both TLS/1.2 and TLS/1.3 may only be usable with HTTP/2 when TLS/1.3 is negotiated. Aside from the confusion factor, this seems like a recipe for interop disaster.
>
> That doesn't happen. The set permitted by HTTP/2 is strictly the same
> as the set permitted by TLS 1.3. (1.3 makes exactly the same changes
> to the permitted cipher suite list).
_________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair