Re: Discussion of 9.2.2

On Sep 26, 2014, at 10:32 AM, Jason Greene <jason.greene@redhat.com> wrote:

> 
> On Sep 26, 2014, at 10:09 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> 
>> 
>> On Fri, Sep 26, 2014 at 7:55 AM, Jason Greene <jason.greene@redhat.com> wrote:
>> Has there been any discussion and buy-in with the major TLS implementers (OpenSSL, LibreSSL, Microsoft, NSS, etc) about the need to provide a characteristic-based priority and introspection API that also allows for different policies per TLS version?
>> 
>> According to Michael's investigation it looks like all of them fall short of this.
>> 
>> As I indicated previously, NSS provides the necessary introspection API.
>> 
>> http://lists.w3.org/Archives/Public/ietf-http-wg/2014JulSep/2296.html
> 
> I saw that one, but it does not seem to allow me to say AEAD or anything stronger. Code written against this API would fail with aero for example. So we would need an AEAD+ like construct. Today this is ok because AEAD is the latest. However, if a few months from now NSS adds it, the application will not be able to use it without a code update.

Answering my own question on the introspection, that could work with !block && !stream as Greg mentioned earlier.

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat

Received on Friday, 26 September 2014 15:39:47 UTC