Re: null ciphers in 9.2.2 from Nicholas Hurley on 2014-10-06 (ietf-http-wg@w3.org from October to December 2014)

From: Nicholas Hurley <hurley@todesschaf.org>
Date: Mon, 06 Oct 2014 11:14:41 -0700
To: Greg Wilkins <gregw@intalio.com>, Mark Nottingham <mnot@mnot.net>
Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <1412619281.1805012.175778085.14F39740@webmail.messagingengine.com>

On Sun, Oct 5, 2014, at 21:37, Greg Wilkins wrote:


On 6 October 2014 10:45, Mark Nottingham <[1]mnot@mnot.net>
wrote:

  That’s by design. Nothing stops someone from explicitly
  configuring a pair of endpoints to violate the protocol for
  testing purposes:


There is something stopping that.  We have a fragile handshake
that will definitely break if 9.2.2 is implemented by
configuration. 9.2.2 is hard coded in FF and the discussion
here has been very much that implementations should check
cipher properties. So there is no "Configuring" of 9.2.2
non-compliance,   you might configure in a null/weak cipher,
but the hard coded isAEAD() will reject it for h2 purposes.



Well that's just patently untrue. There is, in fact, an option
to prevent Firefox from enforcing the TLS requirements. Just
because we're not advertising it widely (since we do, in fact,
want people to conform to 9.2.2) doesn't mean it doesn't exist
for testing purposes. I've made use of it plenty of times (and
still do, on the rare occasion I come up against someone that
doesn't implement 9.2.2).



So... yes, it's entirely possible, as Mark said, to configure a
pair of endpoints to violate the protocol for testing. I can't
speak to other people's implementations, of course, but I
wouldn't be surprised if others have a similar flag hidden
somewhere (or had one in the past, when 9.2.2 compliance was
less common).

--
Peace,
  -Nick

References

1. mailto:mnot@mnot.net

Received on Monday, 6 October 2014 18:15:03 UTC