Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem from Greg Wilkins on 2014-09-22 (ietf-http-wg@w3.org from July to September 2014)

From: Greg Wilkins <gregw@intalio.com>
Date: Tue, 23 Sep 2014 09:40:47 +1000
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAH_y2NFb9EYZ+VFbHoDYK46gXRhigjNhxWG+e-NvDn_soNHRog@mail.gmail.com>

On 23 September 2014 08:55, Mark Nottingham <mnot@mnot.net> wrote:

> One thing that I’ve heard is requiring clients to offer the “good” suites
> first, to promote interop. Does anyone see a downside to doing that?

I really don't understand the process of last call and working code if when
an interop problem is discovered the response is that "it's all been
discussed before so no changes are possible"!

If 9.2.2 requirements are going to stay, then the client has to communicate
its interpretation of that clause to the server, rather than make the
server guess.   Ordering is insufficient as it just is a fragile approach
to try to hide the problem rather than resolve the problem.

Potentially ALPN needs to be extended so it can communicate which ciphers
are acceptable for which protocols.  Or some other mechanism needs to be
proposed that will allow identical simultaneous interpretations of 9.2.2
now and into the distant future.

The downside of requiring ordering is that it continues the wrong
assumption that the application protocol implementers have any
access/influence on the TLS implementation.  TLS is a different layer,
often with intermediary layers in between and frequently running on
different hardware.    If you want application protocols to be able to
participate in cipher negotiations, then you have to work on the standards
associated with TLS to ensure that such access is offered.       We are
already getting push back from the ALPN implementors in java8 that they do
not believe we should be involved in cipher selection.

Currently the only way to deploy h2 on java is to hack the JVM TLS
implementation.   That is a fragile temporary approach, but does allow me
to implement 9.2.2 at the moment.     However, for any wide deployment, I
need to restrict my server to using standard APIs and not doing hacks to
the bootloader of my VM.    The standard APIs only give me access to the
cipher as a name, so I fail to see how any name matching I do can keep in
lock step with the changing TLS implementations underneath the server.

regards

-- 
Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.

Received on Monday, 22 September 2014 23:41:20 UTC