On 2/19/15 11:01 AM, Barry Leiba wrote:
Barry, following up, here is some proposed text (again, not yet coordinated
with my co-authors).

Nice text all 'round; thanks.

One question on one of them:

OLD
    Implementations and deployments SHOULD disable TLS-level compression
    ([RFC5246], Section 6.2.2).

NEW
    In order to help prevent compression-related attacks (summarized in
    Section 2.6 of [RFC7457]), implementations and deployments SHOULD
    disable TLS-level compression ([RFC5246], Section 6.2.2), unless the
    application protocol in question has not been shown to be open to
    such attacks.

Do you want "has not been shown to be open to such attacks", or "has
been shown not to be open to such attacks"?

Yes, that is superior.

Peter


_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
