- From: Greg Wilkins <gregw@intalio.com>
- Date: Wed, 24 Sep 2014 08:41:46 +1000
- To: Eric Rescorla <ekr@rtfm.com>
- Cc: Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAH_y2NEZTA9bZiz4NNpOqvEZNpcattHwy+pRYoai5SamYvNEdw@mail.gmail.com>
On 24 September 2014 06:17, Eric Rescorla <ekr@rtfm.com> wrote: > > On Tue, Sep 23, 2014 at 11:36 AM, Greg Wilkins <gregw@intalio.com> wrote: > >> >> If the answer to this is to make h2 clients not offer new ciphers >> provided by their infrastructure until such time as their h2 impl is >> updated, >> > > I think that this is how h2 clients must behave in order to make the > requirements > in 9.2.2 work. Can we agree that if h2 clients behave this way, that there > is not > an interop problem? > We can definitely agree on this. If the client does not offer a cipher that it later rejects due to the protocol the server selects, then we do not get this problem. However, I'm not sure we can achieve that with any reasonable extension of 9.2.2 Firstly there is the practical problem that a lot of non browser clients are administered with black lists rather than white lists. So for example a java client that is run on a new JVM is likely to have new ciphers. So at the very least we need to instil a cultural change to make such clients white list instead. But the bigger problem is that when offering a TLS connection, the client may be offering it for h1, h2 and spdy. Thus this way out of the 9.2.2 interop problem will mean that clients will not be able to take advantage of the latest greatest ciphers for h1 I agree that it remains an open question what the impact on > new cipher adoption will be. > Indeed. Waiting until h2 implementations officially white list ciphers is going to be a hindrance to the adoption of new ciphers for h1, spdy and any other protocols negotiated over ALPN. If this really is something we want to do, then I repeat my suggestion that we look at extending ALPN so that it communicates the cipher sets for each protocol. But generally, seeing that TLS connections are negotiated for both h1 and h2, I think the correct place for new cipher policies to be advanced is in an update of rfc2818 and/or rfc7301 rather than in this draft. cheers -- Greg Wilkins <gregw@intalio.com> http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
Received on Tuesday, 23 September 2014 22:42:14 UTC