Re: Ciphersuites (was Re: Mandatory to implement cipher suites) from Martin Thomson on 2014-07-20 (ietf-http-wg@w3.org from July to September 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Sat, 19 Jul 2014 19:28:45 -0700
To: Brian Smith <brian@briansmith.org>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Yoav Nir <ynir.ietf@gmail.com>
Message-ID: <CABkgnnXmRgW8RvsNCbb+aN+A0nnxDi=6FT6027ibzaXr-oW3CA@mail.gmail.com>

On Jul 19, 2014 3:33 PM, "Brian Smith" <brian@briansmith.org> wrote:
> > I'm afraid we can't really do that without a risk of interoperability
> > failure.  TLS mandates something that we prohibit the use of.
>
> Martin, I'm not sure what you are referring to with the pronouns in
> those two sentences. What can't we really do without the risk of
> interoperability failure? What is TLS mandating that we prohibit the
> use of?

TLS1.2, our minimum version, mandates RSA+AES-CBC. That is the only cipher
suite that is guaranteed to be present in a 1.2 implementation. But it does
not permit PFS, and it's not AEAD, so we have declared it to be verboten.
That leaves a real possibility that two implementations of HTTP/2 fail to
have a valid suite in common.

Your other points are noted. I'm not sure what I can do about them without
a time machine.

Regarding the DHE suite, I only have my phone, but I did check that the DHE
suite is listed and enabled by default in NSS code. Did I miss something?

Received on Sunday, 20 July 2014 02:29:13 UTC