Re: Requiring TLS 1.3 as alternative to HTTP/2 section 9.2.2

On Tue, Oct 28, 2014 at 2:58 PM, Jason Greene <jason.greene@redhat.com>
wrote:

>
> > On Oct 28, 2014, at 1:03 PM, Erik Nygren <erik@nygren.org> wrote:
> >
> > Another option might be to add an ALPN token for h2-requiring-tls-1.3
> > that would be added in by client implementations when they add TLS/1.3 support
> > with h2-15 or whatever it is being dropped at some point subsequently?
>
> I don’t think that would be necessary. A TLS 1.3 client is supposed to request
> the most recent version, and the server is likewise required to support the
> most recent version requested that it has the ability to do so.
>

I think where you end up is:

   client_hello:  {  min_vers="TLS-1.0", max_vers="TLS-1.3", alpn=("h2")  }

which means that a server only supporting TLS-1.2 will end up negotiating
TLS-1.2 plus alpn=h2
and the client has no way to prevent or express this in the client_hello
with a single alpn token.

    Erik
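The negotiation Erik sketches above, as an added toy model (constructed for this page; not code from any participant in the thread, and not a real TLS implementation). The server picks the highest version inside the client's range and the first client-preferred ALPN protocol it also supports. With the single `h2` token the client cannot stop a TLS-1.2-only server from pairing TLS-1.2 with h2; the `h2-requiring-tls-1.3` token quoted earlier in the thread is modelled as a hypothetical second token whose meaning the client can check after the handshake. The version names, `ServerConfig` and the `client_accepts` policy are all assumptions of the example.

```python
"""Toy model of TLS version + ALPN negotiation (constructed example, not real TLS)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

# Wire values of the protocol versions; everything else here is a simplification.
TLS_VERSIONS: Dict[str, int] = {
    "TLS-1.0": 0x0301,
    "TLS-1.1": 0x0302,
    "TLS-1.2": 0x0303,
    "TLS-1.3": 0x0304,
}


@dataclass(frozen=True)
class ClientHello:
    """The fields of the client_hello sketch: a version range and an ALPN list."""
    min_vers: str
    max_vers: str
    alpn: Tuple[str, ...]  # client preference order


@dataclass(frozen=True)
class ServerConfig:
    """Hypothetical server capabilities (assumed shape, not from the thread)."""
    supported_versions: FrozenSet[str]
    supported_alpn: FrozenSet[str]


def negotiate(hello: ClientHello, server: ServerConfig) -> Optional[Tuple[str, Optional[str]]]:
    """Server side: highest supported version inside the client's range, then the
    first client-preferred ALPN protocol the server also supports.
    Returns (version, alpn); alpn is None when nothing matches, and the whole
    result is None when no version overlaps (a real server would alert)."""
    lo, hi = TLS_VERSIONS[hello.min_vers], TLS_VERSIONS[hello.max_vers]
    candidates = [v for v in server.supported_versions if lo <= TLS_VERSIONS[v] <= hi]
    if not candidates:
        return None
    version = max(candidates, key=TLS_VERSIONS.__getitem__)
    alpn = next((p for p in hello.alpn if p in server.supported_alpn), None)
    return version, alpn


def client_accepts(result: Optional[Tuple[str, Optional[str]]],
                   alpn_min_version: Dict[str, str]) -> bool:
    """Client side (assumed policy): accept only if the negotiated ALPN token's
    minimum TLS version, if the client has one for that token, was met.
    A plain "h2" token carries no such minimum, so TLS-1.2 + h2 is accepted."""
    if result is None:
        return False
    version, alpn = result
    required = alpn_min_version.get(alpn)
    if required is None:
        return True
    return TLS_VERSIONS[version] >= TLS_VERSIONS[required]


# Constructed servers: one that only speaks up to TLS 1.2 but knows h2 (the case
# in the mail), one that implements TLS 1.3 and the hypothetical bound token.
SERVER_TLS12 = ServerConfig(frozenset({"TLS-1.0", "TLS-1.1", "TLS-1.2"}),
                            frozenset({"h2", "http/1.1"}))
SERVER_TLS13 = ServerConfig(frozenset({"TLS-1.2", "TLS-1.3"}),
                            frozenset({"h2", "h2-requiring-tls-1.3", "http/1.1"}))

# The client_hello from the mail: one ALPN token over a wide version range.
HELLO_SINGLE_TOKEN = ClientHello("TLS-1.0", "TLS-1.3", ("h2",))
# Hypothetical alternative: a token meaningful only with TLS 1.3, plus the
# fallback protocol the client is willing to run over older versions.
HELLO_VERSIONED_TOKEN = ClientHello("TLS-1.0", "TLS-1.3", ("h2-requiring-tls-1.3", "http/1.1"))
POLICY = {"h2-requiring-tls-1.3": "TLS-1.3"}

if __name__ == "__main__":
    print(negotiate(HELLO_SINGLE_TOKEN, SERVER_TLS12))     # ('TLS-1.2', 'h2'); client cannot object
    print(negotiate(HELLO_VERSIONED_TOKEN, SERVER_TLS12))  # ('TLS-1.2', 'http/1.1'); h2 never paired with old TLS
    print(negotiate(HELLO_VERSIONED_TOKEN, SERVER_TLS13))  # ('TLS-1.3', 'h2-requiring-tls-1.3')
```

Run as a script, the first line shows the outcome the mail describes: the TLS-1.2-only server picks `h2`, and with a single token the client has nothing to check against. The second and third lines show what a separate token buys: an old server that does not know it falls back to `http/1.1`, a TLS 1.3 server selects it, and a mismatch such as `("TLS-1.2", "h2-requiring-tls-1.3")` is something the client can now reject.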

Received on Tuesday, 28 October 2014 19:32:53 UTC