- From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
- Date: Thu, 25 Sep 2014 20:33:54 +0300
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: Greg Wilkins <gregw@intalio.com>, Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Sep 25, 2014 at 10:05:16AM -0700, Eric Rescorla wrote:
> On Thu, Sep 25, 2014 at 9:52 AM, Greg Wilkins <gregw@intalio.com> wrote:
> >
> > I think this indicates that the wording of 9.2.2 is indeed causing
> > confusion and has actually created wrong implementations. In FF the 9.2.2
> > test is currently implemented as:
> >
> > isAEAD()
> >
> > when it should be:
> >
> > !isBlock() && !isStream()
> >
> > The former is an interoperability problem for future acceptable non AEAD
> > ciphers, while the latter is not.
> >
>
> Trying to think this through....
>
> Isn't that only true if we add a new non-AEAD ciphersuite in NSS and then
> forget to update the code in Firefox?

Nope. Somebody WILL dynamically link the TLS libraries if the platform
supports dynamic linkage at all (and most non-constrained stuff does).

And even if stock Firefox statically links NSS, there is at least one
rebranded one (checked the memory map) that dynamically links system
NSS (hello version skew!).

-Ilari
Received on Thursday, 25 September 2014 17:34:20 UTC