- From: Yoav Nir <ynir.ietf@gmail.com>
- Date: Thu, 13 Nov 2014 17:13:58 -1000
- To: "Eric J. Bowman" <eric@bisonsystems.net>
- Cc: Greg Wilkins <gregw@intalio.com>, HTTP Working Group <ietf-http-wg@w3.org>
> On Nov 13, 2014, at 5:02 PM, Eric J. Bowman <eric@bisonsystems.net> wrote: > > Yoav Nir <ynir.ietf@gmail.com> wrote: >> >>> I have to agree with Roy on this one. Inadequate vs. Inappropriate >>> is a moot point; I'd never send either, vs. closing the connection. >> >> Assuming that receiving the error code generates a log, while RST-ing >> the connection is chalked up to network glitch, it could provide >> information to the administrator to somehow reconfigure the server to >> make the logs go away. >> > > Which would be a bad thing, how? I'm a server guy, so my gut instinct > is that client-based bad outcomes are more worrisome. I missed that part. I took your “I’d never send either” as being client-side, so I offered a case where there is utility in sending. > More bad-actor > clients than servers, IMO, but I lack statistical backing. Feel free to > enlighten me, because honestly, I get in over my head on the pros and > cons of TLS_RSA_WITH_AES_128_GCM vs. TLS_RSA_WITH_AES_128_CBC_SHA and > such. > > What I do (think I) know, is that these intricacies are best not > exposed. Because the client can always close the connection and try > again, without the whole world knowing why. Or maybe I'm smoking the > wrong kind of cigarettes -- I do live in Colorado, you know... ;-) > > -Eric
Received on Friday, 14 November 2014 03:14:31 UTC