Re: draft-west-leave-secure-cookies-alone from Martin Thomson on 2015-10-22 (ietf-http-wg@w3.org from October to December 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 22 Oct 2015 09:56:45 -0700
To: Mike West <mkwst@google.com>
Cc: Willy Tarreau <w@1wt.eu>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnXC+zQdkQC5MgY7xBYqhLETfoPiEN5G6Dv3F=_FQ+2h=A@mail.gmail.com>

On 22 October 2015 at 04:26, Mike West <mkwst@google.com> wrote:
> I think we can mitigate the impact by rolling this kind of change out
> in a somewhat coordinated fashion, and announcing it beforehand. The
> current cipher-suite deprecations seem like a reasonable model to
> follow.

I had hoped that would wouldn't need to resort to that.  Of course, if
we can agree to do so, then I'm all over it.

At less than 0.05% I think that I could probably tolerate breakage.

Received on Thursday, 22 October 2015 16:57:14 UTC