- From: Greg Wilkins <gregw@intalio.com>
- Date: Wed, 8 Oct 2014 09:03:53 +1100
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, Martin Thomson <martin.thomson@gmail.com>
- Message-ID: <CAH_y2NHjA1i4vW4GYHDxPed0GjNrCZeATL1Usdc53rUs-4YkJw@mail.gmail.com>
On 7 October 2014 16:57, Mark Nottingham <mnot@mnot.net> wrote: > Greg, you made quite a few proposals -- did I miss any others, or do you > want to selectively nominate one or more of them for consideration? If we really have to enforce TLS acceptability in the application protocol, then we need to do so with a robust handshake. Thus I would like to leave aside my arguments about the need for TLS restrictions and expand on one of my proposals to a concrete pull request. I will write a pull request tomorrow, but the basic approach will be to replace the text: Clients MAY advertise support of cipher suites that are prohibited by the above restrictions in order to allow for connection to servers that do not support HTTP/2.This enables a fallback to protocols without these constraints without the additional latency imposed by using a separate connection for fallback. With something along the lines of Clients MUST NOT advertise support of cipher suites that are prohibited by the above restrictions if they advertise support for HTTP/2. If a connection is refused due to lack of a mutually acceptable cipher a client MAY retry the connection with weaker ciphers, but it MUST NOT offer support HTTP/2. The intent of this is to make the success/failure of the handshake independent of the definition of 'h2 acceptable cipher'. While 9.2.2 might be considered well defined now, I doubt it will remain so when confronted with reality and the future. H2 acceptability is and will be a matter of configuration. Configurations will be deliberately or unintentionally non 9.2.2 compliant and the protocol should handle such configurations gracefully. The handshake must succeed IFF there is a mutually acceptable protocol/cipher pair and it must never fail with inadequate security if there is a mutually acceptable protocol/cipher pair. I will spend some time tomorrow to develop this into a pull request with more precise wording. If we have a robust handshake, then I'm happy to leave it to people more qualified than I am to debate what ciphers are acceptable and who should say so. cheers -- Greg Wilkins <gregw@intalio.com> http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
Received on Tuesday, 7 October 2014 22:04:22 UTC