Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

WRT to the process point, as Mark says there were  a number of TLS people
in this discussion. I don't see a process problem with WGs profiling their
own TLS cipher
suites, though from a substantive perspective I would definitely hope that
they would
align them with the direction that TLS is going. That seems to have
happened here:
the cipher suites which are required in 9.2.2. are the ones the will be
for TLS 1.3.

Again, I don't really have a dog in this fight, and this might be a bad
idea for technical
or other reasons, but I don't believe there's a process problem.


On Mon, Sep 22, 2014 at 3:55 PM, Mark Nottingham <> wrote:

> On 22 Sep 2014, at 3:05 pm, Greg Wilkins <> wrote:
> >
> > I think it is unworkable.... but let's follow our charter to determine
> if it really is.  Our charter says that we should be coordinating the TLS
> working group and let's see if they are happy to insist that TLS police
> application protocol crypto requirements.
> Greg, this was all done with deep involvement from the TLS WG; Eric was
> chair at the time, and now the document editor for 1.3.
> There may be some mitigations we can introduce to make this easier for
> you. Dropping 9.2.2 isn’t on the table here — it’s been discussed for quite
> some time, with input from TLS and SECAREA, and has strong support.
> One thing that I’ve heard is requiring clients to offer the “good” suites
> first, to promote interop. Does anyone see a downside to doing that?
> The other is making all of 9.2.2 (and maybe 9.2.1) specific to TLS 1.2;
> i.e., to let TLS 1.3 and beyond control their own destiny.
> Regards (and about to get on a plane),
> --
> Mark Nottingham

Received on Tuesday, 23 September 2014 08:17:07 UTC