Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 23 Sep 2014 01:15:55 -0700
Message-ID: <CABcZeBPLwoTinqfO2PUx6xKtnFNOitS-SffoD6kw=fKttXQqNQ@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Greg Wilkins <gregw@intalio.com>, Jason Greene <jason.greene@redhat.com>, Patrick McManus <pmcmanus@mozilla.com>, HTTP Working Group <ietf-http-wg@w3.org>
WRT to the process point, as Mark says there were a number of TLS people involved in this discussion. I don't see a process problem with WGs profiling their own TLS cipher suites, though from a substantive perspective I would definitely hope that they would align them with the direction that TLS is going. That seems to have happened here: the cipher suites which are required in 9.2.2 are the ones that will be permissible for TLS 1.3.

Again, I don't really have a dog in this fight, and this might be a bad idea for technical or other reasons, but I don't believe there's a process problem.

-Ekr

On Mon, Sep 22, 2014 at 3:55 PM, Mark Nottingham <mnot@mnot.net> wrote:

> On 22 Sep 2014, at 3:05 pm, Greg Wilkins <gregw@intalio.com> wrote:
> >
> > I think it is unworkable.... but let's follow our charter to determine if it really is. Our charter says that we should be coordinating the TLS working group and let's see if they are happy to insist that TLS police application protocol crypto requirements.
>
> Greg, this was all done with deep involvement from the TLS WG; Eric was chair at the time, and now the document editor for 1.3.
>
> There may be some mitigations we can introduce to make this easier for you. Dropping 9.2.2 isn’t on the table here — it’s been discussed for quite some time, with input from TLS and SECAREA, and has strong support.
>
> One thing that I’ve heard is requiring clients to offer the “good” suites first, to promote interop. Does anyone see a downside to doing that?
>
> The other is making all of 9.2.2 (and maybe 9.2.1) specific to TLS 1.2; i.e., to let TLS 1.3 and beyond control their own destiny.
>
> Regards (and about to get on a plane),
>
> --
> Mark Nottingham   http://www.mnot.net/

Received on Tuesday, 23 September 2014 08:17:07 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC