Re: Discussion of 9.2.2

Michael Sweet <msweet@apple.com> Sat, 27 September 2014 20:38 UTC

From: Michael Sweet <msweet@apple.com>
In-reply-to: <20140927073925.GH26372@1wt.eu>
Date: Sat, 27 Sep 2014 16:34:15 -0400
Cc: Eric Rescorla <ekr@rtfm.com>, Jason Greene <jason.greene@redhat.com>, Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-id: <024AF99B-FC93-4028-8CA1-B9DAC5F3F15C@apple.com>
References: <F0D4BA2A-46B2-4F1A-8A23-1A319A3E5FC0@mnot.net> <CABkgnnWszVer8Y3qgmEQnxNKUhroUEeseC8JkBbGT2P6z3iZxQ@mail.gmail.com> <36736818-C125-4390-841B-94AD76A45EA0@apple.com> <67BE9032-4441-46DE-8929-A25E4FEF3CCF@redhat.com> <CABcZeBPUihY6-i7EEhWq35=RNA--ZHMqnjkJQnO+_OZkfwoPdQ@mail.gmail.com> <F8A9D418-9DA2-48E9-9CD8-45F86A3B2E30@apple.com> <20140927073925.GH26372@1wt.eu>
To: Willy Tarreau <w@1wt.eu>
Subject: Re: Discussion of 9.2.2
Archived-At: <http://www.w3.org/mid/024AF99B-FC93-4028-8CA1-B9DAC5F3F15C@apple.com>

Willy,

> On Sep 27, 2014, at 3:39 AM, Willy Tarreau <w@1wt.eu> wrote:
> 
> On Fri, Sep 26, 2014 at 09:13:23AM -0700, Michael Sweet wrote:
>> Eric,
>> 
>> If you have a multi-protocol client that opportunistically uses HTTP/2 (which
>> will likely be the case for a very long time for any web browser at least),
>> then you can't simply require TLS/1.2 or omit non-HTTP/2 cipher suites from
>> negotiation because that will cause existing HTTP/1.1 (and SPDY) servers to
>> stop working if they don't support the specific TLS/1.2 ciphers or cannot
>> negotiate TLS/1.2 at all.
> 
> I'm suddenly wondering about something: why is it that we have to support
> different ciphers for H1 and H2 despite transporting the exact same contents?
> If some ciphers are not acceptable for H2, that makes me think they are at
> risk for H1 as well, so shouldn't we say that if an agent wants to support
> H1 as a fallback to H2 during a handshake, then it should only support the
> ciphers that are compatible with both, even if this means the handshake
> might fail on some old H1 servers (hence they'll have to retry with H1 only
> and more ciphers). That would also probably speed up H2 adoption and clean-up
> of older ciphers.

I suspect that someone deploying an H2 server will not want something that degrades the user experience of those using H1.  So I don't think that it will speed up H2 adoption - quite the opposite, in fact.

_________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair
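An added example (not code from the message above or from either participant) that models the two client strategies debated in this exchange: offer every cipher suite alongside ALPN "h2", or offer only H2-compatible suites first and retry H1-only with more suites when that handshake fails. The cipher catalogue, the three server profiles and the "acceptable for H2" rule are constructed, simplified assumptions; the error name is the HTTP/2 INADEQUATE_SECURITY connection error.

```python
"""Model of the cipher-offer trade-off debated in this thread (added example,
not code from the original message). Cipher catalogue, servers and the
"acceptable for H2" rule are constructed, simplified assumptions."""
from dataclasses import dataclass

# Constructed catalogue: name -> (min TLS version x10, ephemeral key exchange, AEAD)
CIPHERS = {
    "ECDHE-RSA-AES128-GCM-SHA256": (12, True, True),
    "ECDHE-RSA-AES256-SHA": (10, True, False),
    "AES128-SHA": (10, False, False),
    "RC4-SHA": (10, False, False),
}

def h2_acceptable(cipher):
    """Assumed rule: H2 wants TLS 1.2, an ephemeral exchange and an AEAD suite."""
    version, ephemeral, aead = CIPHERS[cipher]
    return version >= 12 and ephemeral and aead

@dataclass
class Server:
    ciphers: list   # server preference order
    alpn: list      # protocols the server advertises; [] = no ALPN support at all

def handshake(server, offered, alpn):
    """Server-preference suite selection, as most TLS stacks do; None = no common suite."""
    common = [c for c in server.ciphers if c in offered]
    if not common:
        return None
    proto = next((p for p in alpn if p in server.alpn), "http/1.1")
    return proto, common[0]

def connect(server, strategy):
    """Return (protocol, cipher, handshakes_needed) for one client strategy."""
    everything = list(CIPHERS)
    h2_only = [c for c in everything if h2_acceptable(c)]
    if strategy == "offer-all":        # Michael's concern: H2 may land on a bad suite
        r = handshake(server, everything, ["h2", "http/1.1"])
        if r is None:
            return None, None, 1
        if r[0] == "h2" and not h2_acceptable(r[1]):
            return "INADEQUATE_SECURITY", r[1], 1
        return r[0], r[1], 1
    if strategy == "h2-compatible-then-retry":   # Willy's proposal
        r = handshake(server, h2_only, ["h2", "http/1.1"])
        if r is not None:
            return r[0], r[1], 1
        r = handshake(server, everything, ["http/1.1"])   # fall back: H1 only, more suites
        return (r[0], r[1], 2) if r is not None else (None, None, 2)
    raise ValueError(strategy)
```

Against an old H1-only server the retry strategy succeeds but costs a second handshake, which is the degraded H1 experience Michael points at; against an H2 server that prefers a non-AEAD suite it is the offer-all strategy that fails.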