W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

From: Simone Bordet <simone.bordet@gmail.com>
Date: Wed, 24 Sep 2014 11:23:22 +0200
Message-ID: <CAFWmRJ3cganH+HVkSvH1hYVfNa1RnEOuBnSYMPrK-kFQdq8eYg@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Eric Rescorla <ekr@rtfm.com>, Roland Zink <roland@zinks.de>, HTTP Working Group <ietf-http-wg@w3.org>

On Wed, Sep 24, 2014 at 11:14 AM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> On 24 September 2014 02:08, Simone Bordet <simone.bordet@gmail.com> wrote:
>> Old h2 clients that are dynamically linked to a new TLS implementation
>> will have X but not know that is acceptable.
> Implementations shouldn't be enabling cipher suites that they don't understand.

Not sure what you mean here.

The new TLS implementation understands the cipher.
Any other non-h2 protocol will make use of it even if they don't
"understand it", because it's not their concern.
We all know h1 will work with any future TLS specification and any
future cipher.

A polyglot client that can speak multiple protocols (e.g. h1, h2)
cannot just disable ciphers globally only because one of those
protocols has special needs, also considering the client has no idea
what protocol will be chosen.

Thanks !

Simone Bordet
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz
Received on Wednesday, 24 September 2014 09:23:50 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC