#612: 9.2.2 and ALPN

We had a wide-ranging discussion in about this issue in Honolulu today. After an introductory presentation <http://httpwg.github.io/wg-materials/ietf91/922.pdf>, and then much discussion/iteration, we ended up with this on the screen:

-8<-
If the ciphersuite selected for h2 is...
BAD = peer MAY INADEQUATE_SECURITY
!BAD = peer MUST NOT INADEQUATE_SECURITY

Peers probably shouldn't negotiate BAD

where BAD is a fixed in-spec blacklist
->8-

Using the straw-man proposal on the last page of the PDF, this implies #5 (relax requirement to generate INADEQUATE_SECURITY) and a modification of #2 (Nominate a fixed list of suites for use with H2+TLS12) to a blacklist rather than a whitelist.

Not explicit here but implied (and seemingly not controversial) were #1 (making all cipher suite requirements specific to TLS 1.2), #3 (keep the required interop suite as mandatory to deploy) and #4 (Clarify that cipher suite requirements apply to deployments, not impl).

Note that there is NOT a requirement to use or not use particular cipher suites; only a prose note that if you do so, you may encounter problems. This is somewhat in the spirit of #4.

#6 didn’t seem to get significant support, so I think the plan is to drop it.


Martin is going to prepare a pull request with exact text, using the requirements currently in 9.2.2 to create the blacklist.

Based on the reaction in the meeting (which included some but not all stakeholders) as well as some 1-to-1 discussions I’ve had with people who weren’t there, I believe that this is likely to be as close to a consensus position that we can get. 

Please ask comment or questions if need be, and indicate your support or lack thereof (now if you’re comfortable doing that, or after Martin shows exact text).

Regards,


--
Mark Nottingham   http://www.mnot.net/

Received on Wednesday, 12 November 2014 02:04:00 UTC