- From: Greg Wilkins <gregw@intalio.com>
- Date: Thu, 6 Nov 2014 11:11:01 +1100
- To: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Received on Thursday, 6 November 2014 00:11:29 UTC
On 6 November 2014 11:00, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > -------- > In message <CAH_y2NHyq= > tr4VrQQbFs2CbopC4u6CR1V8b0_0ftG9w+SdrbJQ@mail.gmail.com> > , Greg Wilkins writes: > > >I am not suggesting that we redefine HTTP/1 > > > >I'm saying that in the brand new http2 handshake that we are defining, > >there is no need to support weak ciphers and old protocols. If clients > >wish to talk weak ciphers to old protocols, they are free to retry > >connections using the existing http/1 protocol unchanged. > > It's a really bad idea to try to cram a political agenda down peoples > throats using artifical and unenforceable tools. > I agree that the application layer protocol really should not be trying to do this sort of thing..... but I'm prepared to compromise on that IFF it is done so in a technically robust way - so that political preference is indistinguishable from technical choice. Hence my stated position that if the handshake is made robust, then I will make a best effort attempt to enforce cipher restrictions as recommended by experts (even if those recommendations are political, as it is beyond my expertise to evaluate if that is or is not the case). cheers -- Greg Wilkins <gregw@intalio.com> @ Webtide - *an Intalio subsidiary* http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
Received on Thursday, 6 November 2014 00:11:29 UTC