Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

On 22 Sep 2014, at 3:05 pm, Greg Wilkins <gregw@intalio.com> wrote:
> 
> I think it is unworkable.... but let's follow our charter to determine if it really is.  Our charter says that we should be coordinating the TLS working group and let's see if they are happy to insist that TLS police application protocol crypto requirements.

Greg, this was all done with deep involvement from the TLS WG; Eric was chair at the time, and now the document editor for 1.3.

There may be some mitigations we can introduce to make this easier for you. Dropping 9.2.2 isnít on the table here ó itís been discussed for quite some time, with input from TLS and SECAREA, and has strong support. 

One thing that Iíve heard is requiring clients to offer the ďgoodĒ suites first, to promote interop. Does anyone see a downside to doing that?

The other is making all of 9.2.2 (and maybe 9.2.1) specific to TLS 1.2; i.e., to let TLS 1.3 and beyond control their own destiny.

Regards (and about to get on a plane),

--
Mark Nottingham   http://www.mnot.net/

Received on Monday, 22 September 2014 22:56:07 UTC