W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2014

Re: Discussion of 9.2.2

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 25 Sep 2014 18:56:21 +0100
Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <7A1E6A5E-02EC-4DB7-A078-E0BF7F89B70D@mnot.net>
To: Jason Greene <jason.greene@redhat.com>

On 25 Sep 2014, at 6:20 pm, Jason Greene <jason.greene@redhat.com> wrote:
> 1. H2 stack X, running on System A hard codes all known H2 compliant 1.2 ciphers
> 2. Time goes by, and a new stronger cipher C is released (either based on aero, or maybe just a new aead cipher in 1.3)
> 3. System B is a high security site and only allows cipher C

which is not conformant with "implementations of HTTP/2 that use TLS 1.2 MUST support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [TLS-ECDHE] with P256 [FIPS186].Ē (9.2.2) ó assuming itís still 1.2 (see below). Youíre building a straw-man here...

> 4. The administrator on System A installs a TLS stack update to latest 1.3, which contains cipher C, so that A can talk to B

If both parties both speak 1.3, 9.2.2 doesnít apply, as per recent discussion.

> 5. A now canít talk to B, and the administrator canít figure out why, and probably begrudges the switch to H2

See recent discussion regarding the language regarding unknown ciphers. Please address that proposal (mine or Martinís).


Mark Nottingham   http://www.mnot.net/
Received on Thursday, 25 September 2014 17:56:47 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 March 2016 09:57:10 UTC