W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2014

Re: CSP: Minimum cipher strength

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 10 Sep 2014 09:31:26 -0400
Message-ID: <541052AE.2050505@fifthhorseman.net>
To: Frederik Braun <fbraun@mozilla.com>, public-webappsec@w3.org
On 09/10/2014 04:27 AM, Frederik Braun wrote:
> What if the User Agent was to remember the current strength (implicitly
> obtained?) and never to accept a weaker setup in the future?

Even assuming that there was a clear linear ordering of strengths for
this metric (e.g. is a ciphersuite with PFS based on a 1024-bit DHE key
exchange stronger or weaker than a ciphersuite *without* PFS based on
encrypting to a 2048-bit RSA key?), a rule like this would still need to
be signaled from the server-side, otherwise phased rollouts of new
ciphersuites at a load-balanced frontend would cause intermittent
failures on the site.

For example, a site is load-balanced between front-end machines A and B.
 A has been upgraded to support new whiz-bang cipher suite X, but B has
not.  X is "stronger" than all ciphersuites known by B.

the user-agent rolls the dice and connects to A, selecting ciphersuite X.

The next visit, the user-agent connects to B, and rejects the connection
because B only supports the "weaker" ciphersuites.

	--dkg


Received on Wednesday, 10 September 2014 13:32:05 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC