W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: Discussion of 9.2.2

From: Patrick McManus <mcmanus@ducksong.com>
Date: Thu, 25 Sep 2014 18:47:33 +0100
Message-ID: <CAOdDvNrRdGxtVhuKFHhT0g+9RwGDdn8SYSpeGfsBq1+XQv3ewQ@mail.gmail.com>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Cc: Eric Rescorla <ekr@rtfm.com>, Greg Wilkins <gregw@intalio.com>, Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, Sep 25, 2014 at 6:33 PM, Ilari Liusvaara <
ilari.liusvaara@elisanet.fi> wrote:

>
> > >
> > >    isAEAD()
> > >
> > > when it should be:
> > >
> > >    !isBlock() && !isStream()
> > >
> > > The former is a interoperability problem for future acceptable non AEAD
> > > ciphers, while the later is not.
> > >
> >
> > Trying to think this through....
> >
> > Isn't that only true if we add a new non-AEAD ciphersuite in NSS and then
> > forget
> > to update the code in Firefox?
>
> Nope. Somebody WILL dynamically link the TLS librariesif the platform
> supports dynamic linkage at all (and most non-constrained stuff does).
>
>
And even if stock Firefox statically links NSS, there is at least one
> rebranded one (checked the memory map) that dynamically links system
> NSS (hello version skew!).
>
>
firefox explicitly enables the cipher suites it supports - that isn't left
to the defaults of nss.
Received on Thursday, 25 September 2014 17:47:57 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC