Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem from Greg Wilkins on 2014-09-23 (ietf-http-wg@w3.org from July to September 2014)

From: Greg Wilkins <gregw@intalio.com>
Date: Wed, 24 Sep 2014 08:41:46 +1000
To: Eric Rescorla <ekr@rtfm.com>
Cc: Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAH_y2NEZTA9bZiz4NNpOqvEZNpcattHwy+pRYoai5SamYvNEdw@mail.gmail.com>

On 24 September 2014 06:17, Eric Rescorla <ekr@rtfm.com> wrote:

>
> On Tue, Sep 23, 2014 at 11:36 AM, Greg Wilkins <gregw@intalio.com> wrote:
>
>>
>> If the answer to this is to make h2 clients not offer new ciphers
>> provided by their infrastructure until such time as their h2 impl is
>> updated,
>>
>
> I think that this is how h2 clients must behave in order to make the
> requirements
> in 9.2.2 work. Can we agree that if h2 clients behave this way, that there
> is not
> an interop problem?
>

We can definitely agree on this.   If the client does not offer a cipher
that it later rejects due to the protocol the server selects, then we do
not get this problem.

However, I'm not sure we can achieve that with any reasonable extension of
9.2.2

Firstly there is the practical problem that a lot of non browser clients
are administered with black lists rather than white lists.   So for example
a java client that is run on a new JVM is likely to have new ciphers.    So
at the very least we need to instil a cultural change to make such clients
white list instead.

But the bigger problem is that when offering a TLS connection, the client
may be offering it for h1, h2 and spdy.   Thus this way out of the 9.2.2
interop problem will mean that clients will not be able to take advantage
of the latest greatest ciphers for h1

I agree that it remains an open question what the impact on
> new cipher adoption will be.
>

Indeed.  Waiting until h2 implementations officially white list ciphers is
going to be a hindrance to the adoption of new ciphers for h1, spdy and any
other protocols negotiated over ALPN.      If this really is something we
want to do, then I repeat my suggestion that we look at extending ALPN so
that it communicates the cipher sets for each protocol.

But generally, seeing that TLS connections are negotiated for both h1 and
h2, I think the correct place for new cipher policies to be advanced is in
an update of rfc2818 and/or rfc7301 rather than in this draft.

cheers

-- 
Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.

Received on Tuesday, 23 September 2014 22:42:14 UTC