John Scudder's No Objection on draft-ietf-httpbis-http2bis-06: (with COMMENT)

John Scudder has entered the following ballot position for
draft-ietf-httpbis-http2bis-06: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-http2bis/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for this eminently readable document.

I do have one piffling little question. Appendix A ends with

      |  Note: This list was assembled from the set of registered TLS
      |  cipher suites when [RFC7540] was developed.  This list includes
      |  those cipher suites that do not offer an ephemeral key exchange
      |  and those that are based on the TLS null, stream, or block
      |  cipher type (as defined in Section 6.2.3 of [TLS12]).
      |  Additional cipher suites with these properties could be
      |  defined; these would not be explicitly prohibited.

This text leaves me with the strong impression that the authors think it would
be in exceedingly poor taste to make use of additional cipher suites with these
properties, even if you can’t a priori forbid them. Then again you haven’t even
explicitly prohibited the ones you do list, just said that implementations MAY
reject them.

What I’m getting around to here is the question of whether you can and should
be a little more concrete about the “in exceedingly poor taste” thing if indeed
that is what you intend. E.g., something like “although future cipher suites
can’t be explicitly listed here for obvious reasons, implementations may wish
to consider giving such future suites equivalent treatment.”

The language about “explicitly prohibited” also makes me wonder if you believe
you’ve explicitly prohibited the suites you list. As mentioned above, you
haven’t, strictly speaking.

Received on Wednesday, 5 January 2022 22:54:09 UTC
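
The "equivalent treatment" for future suites raised in the comment above could be implemented as a check on the two properties named in the Appendix A note rather than on a fixed list. This is an added example, not part of the original message or of the draft. It is a heuristic over IANA suite names, and the function name, the marker lists, and the decision not to count anonymous DH as ephemeral are assumptions of the example.

```python
import re

# Assumption of this example: only DHE/ECDHE prefixes count as ephemeral key
# exchange; static and anonymous (DH_anon, ECDH_anon) exchanges do not.
EPHEMERAL_KX = re.compile(r"^(DHE|ECDHE)(_|$)")
# Assumption: AEAD ciphers are recognised by these markers in the IANA name.
AEAD_MARKERS = ("_GCM", "_CCM", "CHACHA20_POLY1305")

NO_EPHEMERAL = "no ephemeral key exchange"
NOT_AEAD = "null, stream, or block cipher type"


def appendix_a_properties(suite):
    """Return the properties from the Appendix A note that a suite name shows.

    An empty list means neither property was detected from the name.
    """
    if not suite.startswith("TLS_") or suite.endswith("_SCSV"):
        raise ValueError("not a TLS cipher suite name: %r" % suite)
    body = suite[len("TLS_"):]
    if "_WITH_" in body:
        kx, cipher = body.split("_WITH_", 1)
    else:
        # TLS 1.3 style name: it carries no key exchange part, so only the
        # cipher part is checked (assumption of this example).
        kx, cipher = None, body
    reasons = []
    if kx is not None and not EPHEMERAL_KX.match(kx):
        reasons.append(NO_EPHEMERAL)
    if not any(marker in cipher for marker in AEAD_MARKERS):
        reasons.append(NOT_AEAD)
    return reasons


if __name__ == "__main__":
    # Constructed sample input: suite names chosen to exercise each branch.
    for name in (
        "TLS_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_AES_128_GCM_SHA256",
    ):
        found = appendix_a_properties(name)
        print(name, "->", "; ".join(found) if found else "neither property")
```

Because the check looks at properties and not at a list, a suite registered after the list was assembled gets the same answer as a listed suite with the same key exchange and cipher type.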