
Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

From: Greg Wilkins <gregw@intalio.com>
Date: Fri, 5 Sep 2014 20:56:53 +1000
Message-ID: <CAH_y2NEo1YaBNs5AF0rEZre4_ey=4=CmTpnVG=Q8RkC5bHrYOg@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>

Note that RFC7301 says:

   This document describes a Transport Layer Security (TLS) extension
   for application-layer protocol negotiation within the TLS handshake

If 9.2.2. is to stand, then I believe that we need a new version of the
ALPN specification (or errata or similar) that says something like:

   This document describes a Transport Layer Security (TLS) extension
   for negotiation of application-layer protocol and TLS cipher suite
   combinations within the TLS handshake

Otherwise, when ALPN is natively supported in the JVM8, there is nothing
stopping them implementing it as we did according to RFC7301 and
producing an extension that only negotiates protocol and thus cannot
support what 9.2.2 requires.

It would also still be good to get an answer of why we need 9.2.2?
If the ciphers are inadequate for h2, then why aren't they inadequate
for http/1, spdy and other protocols the ALPN might list?

-- 
Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.
Received on Friday, 5 September 2014 10:57:21 UTC
