Re: #612: 9.2.2 and ALPN from Martin Thomson on 2014-11-14 (ietf-http-wg@w3.org from October to December 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 13 Nov 2014 19:12:14 -0800
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnVQvsPphX_-LqOnaQ-R=74vz_aQVzDJbsDrq5Uf9i9+0Q@mail.gmail.com>

On 13 November 2014 16:03, Martin Thomson <martin.thomson@gmail.com> wrote:
> There is one piece of collateral damage here that I think we will have
> to decide on.  The draft previously has requirements for key strength
> on DHE and ECDHE.  I've moved that to 9.2.1.  I want to make sure that
> I call that out.

On consideration (and feedback on github), I've changed this to
include permission to use INADEQUATE_SECURITY in the case that the
minimum key sizes are not negotiated.

Received on Friday, 14 November 2014 03:12:40 UTC