On Feb 19, 2015 10:01 AM, "Barry Leiba" <barryle...@computer.org> wrote:
>
> > Barry, following up, here is some proposed text (again, not yet coordinated
> > with my co-authors).
>
> Nice text all 'round; thanks.
>
> One question on one of them:
>
> > OLD
> >    Implementations and deployments SHOULD disable TLS-level compression
> >    ([RFC5246], Section 6.2.2).
> >
> > NEW
> >    In order to help prevent compression-related attacks (summarized in
> >    Section 2.6 of [RFC7457]), implementations and deployments SHOULD
> >    disable TLS-level compression ([RFC5246], Section 6.2.2), unless the
> >    application protocol in question has not been shown to be open to
> >    such attacks.
>
> Do you want "has not been shown to be open to such attacks", or "has
> been shown not to be open to such attacks"?

I strongly prefer the second. We shouldn't need live demos to convince us of issues.

>
> Barry
>
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta