RE: Comments on draft-montenegro-httpbis-h2ot-profile-00

Hi Martin,

> I think that this is interesting work.  It's interesting to see that you have removed
> discussion of the TLS-related issues from this document.  The lack of AES-CCM
> ciphers in particular was previously identified as a concern.  Has this changed?

I don't believe it has, no. Rather, we decided to trim this draft (as compared to our previous effort) to just the bare minimum using HTTP/2 as defined today in order to have something useful sooner.
We may expand to other suggestions going forward. 

> In the absence of this text, I note that there are a few things that you could
> benefit from saying here. Specifically, a recommendation to use the
> max_fragment_length TLS extension [RFC6066] and a better choice of crypto

Reasonable recommendation, yes. Also in line with the goals of this draft of using existing technology. It is, btw, already included in RFC7925, along with other good recommendations.  But your comment points out that we left out a reference to RFC7925 (duh!). We'll fix that.

> (ChaCha over AESGCM, EdDSA for really new things else ECDSA for signing and
> RSA for verifying, fast EC curves like X25519).

Will have to think this one over a bit. One of the recommendations is to use hardware-based crypto in order to save on code space, so any talk of new crypto suites as those you point out has to be evaluated in that light.



Received on Wednesday, 15 March 2017 22:09:18 UTC