Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem
Jason Greene <jason.greene@redhat.com> Mon, 22 September 2014 16:44 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E86F21A1B07 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 22 Sep 2014 09:44:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.688
X-Spam-Level:
X-Spam-Status: No, score=-7.688 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.786, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YU9o1bXSWrlA for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 22 Sep 2014 09:44:39 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 717831A1B09 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 22 Sep 2014 09:44:39 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XW6gq-0003Gh-PS for ietf-http-wg-dist@listhub.w3.org; Mon, 22 Sep 2014 16:42:16 +0000
Resent-Date: Mon, 22 Sep 2014 16:42:16 +0000
Resent-Message-Id: <E1XW6gq-0003Gh-PS@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <jason.greene@redhat.com>) id 1XW6gX-0003FJ-NH for ietf-http-wg@listhub.w3.org; Mon, 22 Sep 2014 16:41:57 +0000
Received: from mx1.redhat.com ([209.132.183.28]) by maggie.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <jason.greene@redhat.com>) id 1XW6gW-0004tf-Hl for ietf-http-wg@w3.org; Mon, 22 Sep 2014 16:41:57 +0000
Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s8MGfP1L002833 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Mon, 22 Sep 2014 12:41:25 -0400
Received: from [10.3.231.41] (vpn-231-41.phx2.redhat.com [10.3.231.41]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s8MGfNX7029930 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Mon, 22 Sep 2014 12:41:24 -0400
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Jason Greene <jason.greene@redhat.com>
In-Reply-To: <CABcZeBPvQfkqnPkfzY53RVAHNw0govmp8p8obvp99w8zs4=RKw@mail.gmail.com>
Date: Mon, 22 Sep 2014 11:41:22 -0500
Cc: Greg Wilkins <gregw@intalio.com>, Patrick McManus <pmcmanus@mozilla.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D7B49F55-663F-4005-AD06-7E4057491608@redhat.com>
References: <CAH_y2NF+sP9BmYuD4QbeHpwC_uj67itzaAFCnRVC6f--KDYOgg@mail.gmail.com> <CAOdDvNopynmwvwWLXvuC0q7skunFXcfRoVHe9s7BKcoCwaBgWQ@mail.gmail.com> <CAH_y2NGXz7e3ejqy_rD=39=yYp3+cS1Dm6c3yFEYZg6tsUp5VQ@mail.gmail.com> <CABkgnnWAdm1TLP2XCKNU-6RPACLfooQV73R7Gpoemv+9PNULCA@mail.gmail.com> <CAH_y2NFLjok-NRJtOw1vmSy68sf393iSOgA4K599q0BSBqbNgA@mail.gmail.com> <CABkgnnU-CMtv8KvYU9n+QoPBOBshtQv3RfLy2qw=qVNb2O-qGg@mail.gmail.com> <CAH_y2NHrbH5Objwhq9E89QexhQtND4uOdy8q7OEckTCU17WqKg@mail.gmail.com> <CAH_y2NErRd4rxinSzEH3-uTjdWVkZu9o6sSKSf47LxfPFTRONw@mail.gmail.com> <20140917073241.GA7665@LK-Perkele-VII> <CAFewVt4pxE+9NpzYuzMKGmEdrDXzk50mC99ZbrM6M-uEoKXrHA@mail.gmail.com> <CAH_y2NGYcDvPcxDvaTRBP3p4Pnb7gw39WUDY3bNVnOGQjBgciQ@mail.gmail.com> <CAFewVt7+UAJYfKAR6DRZi_mqdzSaYw6L-pT1qg=UyOaP1ojhTw@mail.gmail.com> <CAH_y2NEhAEaPiUgi_vX6Oimw+Y-k3WrnL0gJZKPxQ8KZVuFVfw@mail.gmail.com> <CABkgnnU6C+TzJzdeQZhwXucuPUrPh1yyp1cpRd9jSePMjAnONQ@mail.gmail.com> <CAH_y2NEHZbWLof=ZWEa2UdjBw1Bf+kQCHzPkrhc! SU80WaDibeA@mail.gmail.com> <CAOdDvNrdrBNi0kZDorR+8K-5-sPFipVr=U0kx5r56oPX_LhJSA@mail.gmail.com> <CAH_y2NH=skUXk0QwCs4uVqWE=iOLhi5K+kvARDUQ7uMeogrw9A@mail.gmail.com> <CABcZeBPvQfkqnPkfzY53RVAHNw0govmp8p8obvp99w8zs4=RKw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
Received-SPF: pass client-ip=209.132.183.28; envelope-from=jason.greene@redhat.com; helo=mx1.redhat.com
X-W3C-Hub-Spam-Status: No, score=-6.4
X-W3C-Hub-Spam-Report: AWL=-0.468, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.964, SPF_HELO_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1XW6gW-0004tf-Hl cf1d8036da2c766c2882b9752e3aa39e
X-Original-To: ietf-http-wg@w3.org
Subject: Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem
Archived-At: <http://www.w3.org/mid/D7B49F55-663F-4005-AD06-7E4057491608@redhat.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/27146
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Sep 22, 2014, at 11:18 AM, Eric Rescorla <ekr@rtfm.com> wrote: > > I don't actually think this is that important an issue either. As I understood the discussion > in Zurich, the new TLS limitations were directed towards pulling users of HTTP2 towards > modern algorithms. However, algorithms which have serious weaknesses should probably > be deprecated in all versions of HTTP (as with https://tools.ietf.org/html/draft-ietf-tls-prohibiting-rc4-00) > > Say we decided that in future we preferred Aero (https://tools.ietf.org/html/draft-mcgrew-aero-01) > to AEAD constructions. That seems like something we could roll out in HTTP3 but wouldn't > be appropriate to retroactively apply to TLS 1.2 unless there was something seriously wrong > with AEAD (and then see above). I think this hypothetical actually counters your point. Every rev of the HTTP spec introduces interop cost, therefore having to rev the protocol just because TLS needs to rev is unnecessary cost. -- Jason T. Greene WildFly Lead / JBoss EAP Platform Architect JBoss, a division of Red Hat
- 9.2.2 Cipher fallback and FF<->Jetty interop prob… Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Brian Smith
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Brian Smith
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Amos Jeffries
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Ilari Liusvaara
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Brian Smith
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Cory Benfield
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Brian Smith
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Stuart Douglas
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Cory Benfield
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roy T. Fielding
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roy T. Fielding
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Ilari Liusvaara
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Stuart Douglas
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Cory Benfield
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Stuart Douglas
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Amos Jeffries
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Cory Benfield
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Ilari Liusvaara
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roy T. Fielding
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jim Manico
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Mark Nottingham
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Julian Reschke
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Amos Jeffries
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Amos Jeffries
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Stuart Douglas
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Rob Trace
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … John Mattsson