W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

From: Cory Benfield <cory@lukasa.co.uk>
Date: Fri, 19 Sep 2014 07:29:45 +0100
Message-ID: <CAH_hAJHkQ=h0tR-HBattUHDR0TCNugpoQ3mKV3fKBUqr91nkVg@mail.gmail.com>
To: Willy Tarreau <w@1wt.eu>
Cc: Greg Wilkins <gregw@intalio.com>, Stuart Douglas <stuart.w.douglas@gmail.com>, Martin Thomson <martin.thomson@gmail.com>, Brian Smith <brian@briansmith.org>, Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, HTTP Working Group <ietf-http-wg@w3.org>
On 19 September 2014 07:08, Willy Tarreau <w@1wt.eu> wrote:
> I disagree hre, only the admin knows in what context agents are deployed
> and what security level is acceptable/accepted. Browser vendors have no
> idea what usage is made from their product. If I'm using your browser to
> retrieve photos from my low-level weather satellite in space for whom it's
> extremely expensive to use higher crypto, it's *my* problem. And if I set
> up an emergency server to cut the power in a datacenter using a 4096 bit
> key and a cipher that is not supported by 9.2.2 because I feel it's more
> secure than what is currently required, it's my decision as well.

This is a good point. As it turns out I'm covered because I will have
a switch that says "please stop bugging me about ciphers". This will
continue to allow you to do what you want, while having a by-default
behaviour that matches the RFC. Secure-by-default is almost always
better than secure-by-opt-in.

> I've always felt that the H2 spec is walking on the TLS group's feet here.
> Inciting servers to increase their key length has always been done by cert
> vendors, and browsers have always followed this support very early and this
> model has been working for decades now. There's no reason for suddenly
> breaking the net or making it harder to upgrade crypto there because the
> algorithms are written black on white in the layer 7 protocol spec, which
> also supports being transported over a clear medium!

I hadn't considered this, but I agree with this point.

Don't mistake my previous post for an impassioned defense of 9.2.2 in
its current form. I think its *goal* is laudable, not necessarily its
implementation, and if we think we can move the requirement (or
something similar) to the TLS WG I am happy to remove 9.2.2 from the
draft.

Cory
Received on Friday, 19 September 2014 06:30:14 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC