Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

On 24.09.2014 09:02, Eric Rescorla wrote:
> I'm sorry, I'm not following this point.
> Say that someone invents some new cipher suite, X. It's either
> acceptable for h2 or it's not [0]. The client then behaves as follows:
> - If it is acceptable for h2, the client offers it, since everything is
>   fine.
> - If it's not acceptable for h2, the client offers it, secure in the
>   knowledge that a conformant server will (per 9.2.2) not negotiate
>   it for h2.
> As far as I can tell, either of these is fine. Do you disagree?
When h2 is upgraded to allow X (per 9.2.2X) then an old client offering 
X only for some other protocol will not work with a new h2 server as it 
will reject based on 9.2.2. So to allow X we would need h3. When you 
assume the h2 client just white lists the current set of AEAD ciphers 
then you not even can add a new AEAD cipher as the client may reject it 
for h2 even when offered in the list of supported ciphers.


Received on Wednesday, 24 September 2014 08:43:34 UTC