- From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Date: Wed, 10 Sep 2014 09:31:26 -0400
- To: Frederik Braun <fbraun@mozilla.com>, public-webappsec@w3.org
Received on Wednesday, 10 September 2014 13:32:05 UTC
On 09/10/2014 04:27 AM, Frederik Braun wrote:
> What if the User Agent was to remember the current strength (implicitly
> obtained?) and never to accept a weaker setup in the future?

Even assuming that there was a clear linear ordering of strengths for this metric (e.g. is a ciphersuite with PFS based on a 1024-bit DHE key exchange stronger or weaker than a ciphersuite *without* PFS based on encrypting to a 2048-bit RSA key?), a rule like this would still need to be signaled from the server-side, otherwise phased rollouts of new ciphersuites at a load-balanced frontend would cause intermittent failures on the site.

For example, a site is load-balanced between front-end machines A and B. A has been upgraded to support new whiz-bang cipher suite X, but B has not. X is "stronger" than all ciphersuites known by B. The user-agent rolls the dice and connects to A, selecting ciphersuite X. The next visit, the user-agent connects to B, and rejects the connection because B only supports the "weaker" ciphersuites.

--dkg
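The rollout scenario in the message above, as a small simulation. This is an added example, not code from the thread or from any browser. The suite labels, the numeric ranks and the `site_floor` parameter (one hypothetical form a server-side signal could take) are assumptions made for illustration.

```python
# Added illustration: suite names, ranks and the floor mechanism are constructed.

# Constructed linear ranking, higher = "stronger". The message notes a real
# ordering may not be linear at all (PFS with 1024-bit DHE vs. 2048-bit RSA).
RANK = {"OLD_SUITE": 1, "SUITE_X": 2}

# Load-balanced front ends mid-rollout: A is upgraded, B is not.
FRONTENDS = {
    "A": ["SUITE_X", "OLD_SUITE"],
    "B": ["OLD_SUITE"],
}


class UserAgent:
    def __init__(self, implicit_ratchet):
        # implicit_ratchet=True: remember the strongest suite ever negotiated.
        # implicit_ratchet=False: only raise the floor when the site says so.
        self.implicit_ratchet = implicit_ratchet
        self.floor = 0

    def connect(self, frontend, site_floor=None):
        # Negotiate the strongest suite this front end offers.
        suite = max(FRONTENDS[frontend], key=RANK.get)
        if RANK[suite] < self.floor:
            return "rejected"
        if self.implicit_ratchet:
            self.floor = max(self.floor, RANK[suite])
        elif site_floor is not None:
            # Hypothetical server-side signal: a site-wide minimum that the
            # operator raises only after every front end supports it.
            self.floor = max(self.floor, RANK[site_floor])
        return suite


def simulate(visits, implicit_ratchet, site_floor=None):
    ua = UserAgent(implicit_ratchet)
    return [ua.connect(frontend, site_floor) for frontend in visits]


if __name__ == "__main__":
    visits = ["A", "B", "A", "B"]  # the load balancer alternating
    print("implicit ratchet:", simulate(visits, True))
    print("signaled floor:  ", simulate(visits, False, "OLD_SUITE"))
```

With the implicit ratchet every visit that lands on B fails once A has been seen. With a floor the operator controls, the same visit sequence succeeds throughout the rollout.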