Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem
Simone Bordet <simone.bordet@gmail.com> Mon, 22 September 2014 19:54 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3045E1A1B2B for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 22 Sep 2014 12:54:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.788
X-Spam-Level:
X-Spam-Status: No, score=-7.788 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.786, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dTCR3ZShBX-Z for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 22 Sep 2014 12:54:12 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D8BE1A1B0E for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 22 Sep 2014 12:54:12 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XW9eE-0000nO-Qo for ietf-http-wg-dist@listhub.w3.org; Mon, 22 Sep 2014 19:51:46 +0000
Resent-Date: Mon, 22 Sep 2014 19:51:46 +0000
Resent-Message-Id: <E1XW9eE-0000nO-Qo@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <simone.bordet@gmail.com>) id 1XW9dv-0000mG-6w for ietf-http-wg@listhub.w3.org; Mon, 22 Sep 2014 19:51:27 +0000
Received: from mail-wi0-f169.google.com ([209.85.212.169]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <simone.bordet@gmail.com>) id 1XW9dt-0004ez-Od for ietf-http-wg@w3.org; Mon, 22 Sep 2014 19:51:26 +0000
Received: by mail-wi0-f169.google.com with SMTP id fb4so3446025wid.0 for <ietf-http-wg@w3.org>; Mon, 22 Sep 2014 12:50:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=VdOGjE/krbMqkwyK/EbcrJyR8wRAM06Y8mN72Z4eu/o=; b=l1zTvapQIta1eWwomIQcfVdtSlKyqoJN8rowEZyAnAe3XQ+yCPJPB1z8XAmeXfoWAZ Gst3/PYb2yvrpOoAuhfo2l97amZnM4rraz7UvRViYFdROmI1goXjx2BiLyZu8Zx9FqQG R1B20EG3Pm2UbBaTLWXQGg7Au0rWn02wRAte6T0ZVO+vw6qU61YD7bensxQ8ll3xjIEg Ca+xHVq6BZzJis8JNtNeCuZZwD0LzGKNepHmlSRUhAQOScUmuPaNrS1UHoY66iFCRl/E fcOFib4aC4zsyhAsz/ouoB1a9em45a6Qi+dpIfSN8mFc0ddfX1LRULDhOhc5OeeOf87P Lk9A==
MIME-Version: 1.0
X-Received: by 10.180.101.40 with SMTP id fd8mr5190079wib.63.1411415458776; Mon, 22 Sep 2014 12:50:58 -0700 (PDT)
Received: by 10.27.49.137 with HTTP; Mon, 22 Sep 2014 12:50:58 -0700 (PDT)
In-Reply-To: <CABcZeBO8R9NLcwsNNKqPVZexw3duTe5Crneke8T1DOzs4wmBWg@mail.gmail.com>
References: <CAH_y2NF+sP9BmYuD4QbeHpwC_uj67itzaAFCnRVC6f--KDYOgg@mail.gmail.com> <CAOdDvNopynmwvwWLXvuC0q7skunFXcfRoVHe9s7BKcoCwaBgWQ@mail.gmail.com> <CAH_y2NGXz7e3ejqy_rD=39=yYp3+cS1Dm6c3yFEYZg6tsUp5VQ@mail.gmail.com> <CABkgnnWAdm1TLP2XCKNU-6RPACLfooQV73R7Gpoemv+9PNULCA@mail.gmail.com> <CAH_y2NFLjok-NRJtOw1vmSy68sf393iSOgA4K599q0BSBqbNgA@mail.gmail.com> <CABkgnnU-CMtv8KvYU9n+QoPBOBshtQv3RfLy2qw=qVNb2O-qGg@mail.gmail.com> <CAH_y2NHrbH5Objwhq9E89QexhQtND4uOdy8q7OEckTCU17WqKg@mail.gmail.com> <CAH_y2NErRd4rxinSzEH3-uTjdWVkZu9o6sSKSf47LxfPFTRONw@mail.gmail.com> <20140917073241.GA7665@LK-Perkele-VII> <CAFewVt4pxE+9NpzYuzMKGmEdrDXzk50mC99ZbrM6M-uEoKXrHA@mail.gmail.com> <CAH_y2NGYcDvPcxDvaTRBP3p4Pnb7gw39WUDY3bNVnOGQjBgciQ@mail.gmail.com> <CAFewVt7+UAJYfKAR6DRZi_mqdzSaYw6L-pT1qg=UyOaP1ojhTw@mail.gmail.com> <CAH_y2NEhAEaPiUgi_vX6Oimw+Y-k3WrnL0gJZKPxQ8KZVuFVfw@mail.gmail.com> <CABkgnnU6C+TzJzdeQZhwXucuPUrPh1yyp1cpRd9jSePMjAnONQ@mail.gmail.com> <CAOdDvNrdrBNi0kZDorR+8K-5-sPFipVr=U0kx5r56oPX_LhJSA@mail.gmail.com> <CAH_y2NH=skUXk0QwCs4uVqWE=iOLhi5K+kvARDUQ7uMeogrw9A@mail.gmail.com> <CABcZeBPvQfkqnPkfzY53RVAHNw0govmp8p8obvp99w8zs4=RKw@mail.gmail.com> <D7B49F55-663F-4005-AD06-7E4057491608@redhat.com> <CABcZeBO8R9NLcwsNNKqPVZexw3duTe5Crneke8T1DOzs4wmBWg@mail.gmail.com>
Date: Mon, 22 Sep 2014 21:50:58 +0200
Message-ID: <CAFWmRJ2JhVcdS9B7LtQ7kKowYUzvn=DYNBHmMjmu9MbWU1W6JA@mail.gmail.com>
From: Simone Bordet <simone.bordet@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Jason Greene <jason.greene@redhat.com>, Greg Wilkins <gregw@intalio.com>, Patrick McManus <pmcmanus@mozilla.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Received-SPF: pass client-ip=209.85.212.169; envelope-from=simone.bordet@gmail.com; helo=mail-wi0-f169.google.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: AWL=-2.728, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1XW9dt-0004ez-Od 112464e06337c3643d1f9b5422b8d7e9
X-Original-To: ietf-http-wg@w3.org
Subject: Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem
Archived-At: <http://www.w3.org/mid/CAFWmRJ2JhVcdS9B7LtQ7kKowYUzvn=DYNBHmMjmu9MbWU1W6JA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/27152
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hi, On Mon, Sep 22, 2014 at 7:29 PM, Eric Rescorla <ekr@rtfm.com> wrote: > - We're kind of sad that people use algorithm X and we wish they would > do something more modern. > - There is something seriously wrong with algorithm X and people need > transition off it pronto. > > In the former case, we have pretty limited options, since it's probably not > worth breaking interop over. So, we can do nothing or we can gradually > tell people to upgrade at preexisting protocol upgrade points. I.e., we > wouldn't roll out HTTP3 to do this, we'd just do it when we were already > rolling out HTTP3 (the same way as 9.2.2 is now). in the second case, > we would want to adjust all versions of HTTP so no new rev would be > required. Frankly, I don't understand this at all. HTTP 1.x was not "adjusted" when flaws have been found in ciphers. Browsers and servers were just updated to pick up better ciphers, and alert users otherwise (http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html) Why we must now "adjust" HTTP/2 ? If the HTTP/2 specification was delayed by enough time so that TLS 1.3 was already ratified, do you think it would have made sense to specify 9.2.2 as it is (rather than just requiring a SHOULD or MUST for TLS 1.3+) ? Thanks ! -- Simone Bordet http://bordet.blogspot.com --- Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability, the implementation technique must be flawless. Victoria Livschitz
- 9.2.2 Cipher fallback and FF<->Jetty interop prob… Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Brian Smith
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Brian Smith
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Amos Jeffries
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Ilari Liusvaara
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Brian Smith
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Cory Benfield
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Brian Smith
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Stuart Douglas
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Cory Benfield
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roy T. Fielding
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roy T. Fielding
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Ilari Liusvaara
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Stuart Douglas
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Cory Benfield
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Stuart Douglas
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Amos Jeffries
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Cory Benfield
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Ilari Liusvaara
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roy T. Fielding
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jim Manico
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Mark Nottingham
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Julian Reschke
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Amos Jeffries
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Amos Jeffries
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Stuart Douglas
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Rob Trace
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … John Mattsson