- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Thu, 25 Sep 2014 01:30:13 -0700
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 24 September 2014 04:17, Mark Nottingham <mnot@mnot.net> wrote: > a) Explicitly note that INADEQUATE_SECURITY is thrown in 9.2.2 (it’s implied by 9.2 but let’s be explicit). This should happen regardless. Sure. I'll add this to my open PR on this general issue. > b) Change the start of #2 above to “HTTP/2”. This should happen regardless. Ditto. > c) Change #2 above to “HTTP/2 MUST NOT be used with cipher suites that are known to be stream or block ciphers.” This emphasises that it’s a blacklist, not a whitelist, and avoids throwing INADEQUATE_SECURITY when encountering a cipher suite with unknown properties. The "known to be" is a problem here. That implies an uncertainty that would actually reinforce Greg's concerns around fragility and suite agility. This is not ambiguous at all; a cipher suite is either a stream/block cipher or it is not (same goes for the PFS thing). Based on this discussion, I think that there needs to be a d) here where we note that implementations MUST NOT offer cipher suites where these properties (PFS, stream/block mode) are unknown. This was an assumption on my part that turns out to be important. With that change, I think that the concern about fragility becomes immaterial.
Received on Thursday, 25 September 2014 08:30:41 UTC