- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 14 Mar 2017 14:29:00 +1100
- To: HTTP Working Group <ietf-http-wg@w3.org>, Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>
Hi Gabriel, et. al., I think that this is interesting work. It's interesting to see that you have removed discussion of the TLS-related issues from this document. The lack of AES-CCM ciphers in particular was previously identified as a concern. Has this changed? In the absence of this text, I note that there are a few things that you could benefit from saying here. Specifically, a recommendation to use the max_fragment_length TLS extension [RFC6066] and a better choice of crypto (ChaCha over AESGCM, EdDSA for really new things else ECDSA for signing and RSA for verifying, fast EC curves like X25519).
Received on Tuesday, 14 March 2017 03:29:32 UTC