- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Wed, 1 Nov 2017 10:26:07 +1100
- To: Mike Bishop <Michael.Bishop@microsoft.com>
- Cc: Anmol Sethi <me@anmol.io>, HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Nov 1, 2017 at 5:11 AM, Mike Bishop <Michael.Bishop@microsoft.com> wrote: > I think the asserted spec bug is that we implicitly require every server that implements HTTP/2 with TLS 1.2 to possess an RSA certificate. Yes, I can see that this is something that could be perceived as a problem. But the choice was explicit (at least for those of us who understood the implications of the text at the time, which I will concede probably wasn't everyone involved). As far as it goes, there are deployments where ECDSA is entirely sufficient already. But those deployments should be content in being non-compliant on this particular requirement, valuing as they do performance - or whatever else it is that motivates this thread - over interoperability.
Received on Tuesday, 31 October 2017 23:26:30 UTC