Re: Discussion of 9.2.2

Jason Greene <jason.greene@redhat.com> Fri, 26 September 2014 15:42 UTC

From: Jason Greene <jason.greene@redhat.com>
In-Reply-To: <FFEEC4CF-CC2A-4B68-906D-CAA4ECFC0BBD@redhat.com>
Date: Fri, 26 Sep 2014 10:39:13 -0500
Cc: Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Michael Sweet <msweet@apple.com>
Message-Id: <74ECE69E-B44B-478C-9D6A-1B0CCD05D564@redhat.com>
References: <F0D4BA2A-46B2-4F1A-8A23-1A319A3E5FC0@mnot.net> <CABkgnnWszVer8Y3qgmEQnxNKUhroUEeseC8JkBbGT2P6z3iZxQ@mail.gmail.com> <36736818-C125-4390-841B-94AD76A45EA0@apple.com> <67BE9032-4441-46DE-8929-A25E4FEF3CCF@redhat.com> <CABcZeBPUihY6-i7EEhWq35=RNA--ZHMqnjkJQnO+_OZkfwoPdQ@mail.gmail.com> <FFEEC4CF-CC2A-4B68-906D-CAA4ECFC0BBD@redhat.com>
To: Eric Rescorla <ekr@rtfm.com>
Subject: Re: Discussion of 9.2.2
Archived-At: <http://www.w3.org/mid/74ECE69E-B44B-478C-9D6A-1B0CCD05D564@redhat.com>

On Sep 26, 2014, at 10:32 AM, Jason Greene <jason.greene@redhat.com> wrote:

> 
> On Sep 26, 2014, at 10:09 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> 
>> 
>> On Fri, Sep 26, 2014 at 7:55 AM, Jason Greene <jason.greene@redhat.com> wrote:
>>> Has there been any discussion and buy-in with the major TLS implementers (OpenSSL, LibreSSL, Microsoft, NSS, etc) about the need to provide a characteristic-based priority and introspection API that also allows for different policies per TLS version?
>>> 
>>> According to Michael's investigation it looks like all of them fall short of this.
>> 
>> As I indicated previously, NSS provides the necessary introspection API.
>> 
>> http://lists.w3.org/Archives/Public/ietf-http-wg/2014JulSep/2296.html
> 
> I saw that one, but it does not seem to allow me to say AEAD or anything stronger. Code written against this API would fail with aero for example. So we would need an AEAD+ like construct. Today this is ok because AEAD is the latest. However, if a few months from now NSS adds it, the application will not be able to use it without a code update.

Answering my own question on the introspection, that could work with !block && !stream as Greg mentioned earlier.

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
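The point argued in this message, shown as an added example that is not part of the thread or of any TLS library: a 9.2.2-style policy check (TLS 1.2 or later, ephemeral key exchange, AEAD) driven by cipher-suite characteristics, contrasting the positive "is AEAD" test with the negative "!block && !stream" test on a hypothetical future construction. The `SuiteInfo` record and its field names are assumptions standing in for a library's introspection API, not NSS's or anyone else's real interface; the sample suites are constructed.

```python
# Added example (not from the thread): evaluates cipher-suite characteristics
# against the HTTP/2 9.2.2 style policy (TLS 1.2+, ephemeral key exchange, AEAD)
# and contrasts the two introspection strategies discussed above.
from dataclasses import dataclass


@dataclass(frozen=True)
class SuiteInfo:
    """Constructed stand-in for a TLS library's cipher-suite introspection record.
    The field names are assumptions, not any real library's API."""
    name: str
    ephemeral_kea: bool   # DHE or ECDHE key exchange
    cipher_type: str      # "block", "stream", "aead", or a newer construction


def aead_positive(info: SuiteInfo) -> bool:
    """Allowlist test: only the constructions the code already knows about pass."""
    return info.cipher_type == "aead"


def aead_negative(info: SuiteInfo) -> bool:
    """The '!block && !stream' test from the thread: anything that is not a legacy
    block or stream mode is accepted, so a newer AEAD-like mode passes unchanged."""
    return info.cipher_type not in ("block", "stream")


def http2_acceptable(info: SuiteInfo, tls_version: tuple, aead_test=aead_negative) -> bool:
    """Apply the 9.2.2 style requirements; TLS below 1.2 is rejected outright."""
    if tls_version < (1, 2):
        return False
    return info.ephemeral_kea and aead_test(info)


# Constructed sample records; the last one is a hypothetical future suite.
SUITES = [
    SuiteInfo("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", True, "aead"),
    SuiteInfo("TLS_RSA_WITH_AES_128_GCM_SHA256", False, "aead"),
    SuiteInfo("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", True, "block"),
    SuiteInfo("TLS_ECDHE_RSA_WITH_RC4_128_SHA", True, "stream"),
    SuiteInfo("TLS_ECDHE_RSA_WITH_HYPOTHETICAL_NEW_MODE", True, "new-mode"),
]


def evaluate(suites=SUITES, tls_version=(1, 2)):
    """Return {suite name: (positive-test result, negative-test result)}."""
    return {
        s.name: (http2_acceptable(s, tls_version, aead_positive),
                 http2_acceptable(s, tls_version, aead_negative))
        for s in suites
    }


if __name__ == "__main__":
    for name, (pos, neg) in evaluate().items():
        print(f"{name:45} is-AEAD: {pos!s:5} !block&&!stream: {neg}")
```

Only the hypothetical new-mode suite separates the two tests: the positive test rejects it until the application is updated, the negative test accepts it, while non-ephemeral, block and stream suites fail both.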