Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem from Martin Thomson on 2014-09-23 (ietf-http-wg@w3.org from July to September 2014)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 23 Sep 2014 01:06:43 -0700
To: Willy Tarreau <w@1wt.eu>
Cc: Jason Greene <jason.greene@redhat.com>, patrick mcmanus <pmcmanus@mozilla.com>, Greg Wilkins <gregw@intalio.com>, Eric Rescorla <ekr@rtfm.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnXfwRaENVwxS6tox0dnKZkP=L-vC3i8QJhtvDZ9QLbcnQ@mail.gmail.com>

On Sep 23, 2014 6:48 AM, "Willy Tarreau" <w@1wt.eu> wrote:

> I think it's not easy to tell what will exist in the future, however we
can
> exhaustively list what existing ciphers we don't want to support. Thus,
> shouldn't we instead enumerate a list of properties that are incompatible
> with HTTP/2?

That is precisely what 9.2.2. does:

* MUST ephemeral

* MUST NOT block or stream cipher

The only other piece in 9.2.2 is dealing with the consequences of that.
SInce we prohibit the "MUST implement" suite in TLS 1.2, we defined a new
one so that we don't end up with mutually exclusive sets.

(Seems like every one is on a plane, one wonders if there is something
going on.)

Received on Tuesday, 23 September 2014 08:07:11 UTC