- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Sat, 19 Jul 2014 19:28:45 -0700
- To: Brian Smith <brian@briansmith.org>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Yoav Nir <ynir.ietf@gmail.com>
Received on Sunday, 20 July 2014 02:29:13 UTC
On Jul 19, 2014 3:33 PM, "Brian Smith" <brian@briansmith.org> wrote:
> > I'm afraid we can't really do that without a risk of interoperability
> > failure. TLS mandates something that we prohibit the use of.
>
> Martin, I'm not sure what you are referring to with the pronouns in
> those two sentences. What can't we really do without the risk of
> interoperability failure? What is TLS mandating that we prohibit the
> use of?

TLS1.2, our minimum version, mandates RSA+AES-CBC. That is the only cipher suite that is guaranteed to be present in a 1.2 implementation. But it does not permit PFS, and it's not AEAD, so we have declared it to be verboten.

That leaves a real possibility that two implementations of HTTP/2 fail to have a valid suite in common.

Your other points are noted. I'm not sure what I can do about them without a time machine.

Regarding the DHE suite, I only have my phone, but I did check that the DHE suite is listed and enabled by default in NSS code. Did I miss something?
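
Added example, not part of the original message: a small Python model of the interoperability gap described above. The suite lists for the three stacks are constructed for illustration, and the function names are hypothetical; the only fixed point is that TLS_RSA_WITH_AES_128_CBC_SHA is the TLS 1.2 mandatory-to-implement suite.

```python
# Added illustration; STACK_A/B/C are constructed lists, not any real library's defaults.
MANDATORY_TLS12 = "TLS_RSA_WITH_AES_128_CBC_SHA"  # RFC 5246 mandatory-to-implement


def parse_suite(name):
    """Split an IANA-style TLS 1.2 suite name into (key_exchange, cipher)."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS 1.2 suite name: {name!r}")
    kx, cipher = name[4:].split("_WITH_", 1)
    return kx, cipher


def is_ephemeral(kx):
    # DHE_* and ECDHE_* provide forward secrecy; static RSA, DH_* and ECDH_* do not.
    return kx.split("_")[0] in ("DHE", "ECDHE")


def is_aead(cipher):
    return any(tag in cipher for tag in ("_GCM", "_CCM", "CHACHA20_POLY1305"))


def allowed_for_http2(name):
    """The restriction discussed in the thread: forward secrecy and AEAD."""
    kx, cipher = parse_suite(name)
    return is_ephemeral(kx) and is_aead(cipher)


def negotiate(client_offer, server_prefs, http2=False):
    """Server-preference selection; None models a handshake with no usable suite."""
    offered = set(client_offer)
    for suite in server_prefs:
        if suite in offered and (not http2 or allowed_for_http2(suite)):
            return suite
    return None


# Constructed stacks: A implements only ECDHE, B only DHE, C both.
STACK_A = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
           "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", MANDATORY_TLS12]
STACK_B = ["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
           "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", MANDATORY_TLS12]
STACK_C = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
           "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", MANDATORY_TLS12]

if __name__ == "__main__":
    print("A->B, TLS 1.2 only:", negotiate(STACK_A, STACK_B))
    print("A->B, HTTP/2 rules:", negotiate(STACK_A, STACK_B, http2=True))
    print("A->C, HTTP/2 rules:", negotiate(STACK_A, STACK_C, http2=True))
```

Stacks A and B are both conforming TLS 1.2 implementations and interoperate through the mandatory suite, yet have nothing in common once the HTTP/2 restriction is applied.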