Re: #612: 9.2.2 requirements

> On 31.10.2014 at 22:05, Brian Smith <brian@briansmith.org> wrote:
> 
> First of all, it is almost always going to be a bad idea to have the server TLS stack choose which application protocol to use. Instead, it should defer that choice to the server application. 

The TLS layer can check the ALPN and then call the appropriate server application, e.g. if it contains h2 then call the h2 stack, if it is SMTP then call the SMTP stack, and as a fallback call the http/1.1 stack. Giving this to the application layer protocol handler seems to be a layering problem.


> Second of all, if the server doesn't take that advice, and the TLS stack has already chosen h2, then the HTTP/2 layer might as well keep going on the assumption that XYZ is OK, because it 

I think this violates 9.2.2.

> hasn't given itself any better choice, due to not taking that advice. If things don't work, the server administrator will likely fix it by improving the cipher suite configuration, probably by reading section 9.2.2 of the specification or documentation derived from it. Of course, it's better for the server software implementation to just automatically do the right thing, but that's a quality-of-implementation issue, not a protocol issue.

The protocol doesn't provide it and you give the correct handling to the application. What should a TLS protocol offloading device do? Does it need to know all requirements of all future protocols, or is an interaction with the upper layer processing machines necessary?

Regards,
Roland

Received on Saturday, 1 November 2014 10:17:55 UTC