- From: Greg Wilkins <gregw@intalio.com>
- Date: 2014年10月12日 09:16:14 +1100
- To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAH_y2NHkmvvoomn9toVhX1AgX=Jv3hKft46FM27K42yO7ficsQ@mail.gmail.com>
On 11 October 2014 19:53, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote: > AFAIK, 9.2.2 with proposed modifications plus server operating on > blacklist instead of whitelist is not fragile. So long as the client uses a whitelist and so long as the server operates on a black list and so long as the server can actually influence cipher selection and so long as it bans any cipher matching the 3 patterns you provided and so long as cipher names never differ from those patterns and so long as no additional patterns are configured. I think you just defined fragile. regards -- Greg Wilkins <gregw@intalio.com> @ Webtide - *an Intalio subsidiary* http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
Received on Saturday, 11 October 2014 22:16:43 UTC