Thanks for the list, Stephen. I also made a short list yesterday for other purposes. The items not on your list yet were:

HTTP 2.0 security becoming somehow more widely turned on than we have on current HTTP. Current spec says it is required to implement, see http://tools.ietf.org/html/draft-ietf-httpbis-http2-06#section-9.2 and the topic is also discussed here: http://tools.ietf.org/agenda/87/slides/slides-87-httpbis-3.pdf

I think I saw a discussion about reducing fingerprinting possibilities for web traffic somewhere.

Did we have a discussion of PFS in TLS somewhere?

And there is a category of actions we could take, but are not technical improvements themselves. For instance, we could more aggressively deprecate algorithms known to have issues. Or we could launch a review of various security mechanisms or even other protocols to find areas that need improvement.

Jari
