Re: Discussion of 9.2.2
Jason Greene <jason.greene@redhat.com> Fri, 26 September 2014 15:36 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9825A1A0092 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 26 Sep 2014 08:36:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.688
X-Spam-Level:
X-Spam-Status: No, score=-7.688 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.786, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TAdlKcYC3kh3 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 26 Sep 2014 08:36:10 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 436551A89AD for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 26 Sep 2014 08:36:10 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XXXWN-0001yD-CC for ietf-http-wg-dist@listhub.w3.org; Fri, 26 Sep 2014 15:33:23 +0000
Resent-Date: Fri, 26 Sep 2014 15:33:23 +0000
Resent-Message-Id: <E1XXXWN-0001yD-CC@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <jason.greene@redhat.com>) id 1XXXW4-0001wd-Cd for ietf-http-wg@listhub.w3.org; Fri, 26 Sep 2014 15:33:04 +0000
Received: from mx1.redhat.com ([209.132.183.28]) by maggie.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <jason.greene@redhat.com>) id 1XXXW3-0007Lf-4d for ietf-http-wg@w3.org; Fri, 26 Sep 2014 15:33:04 +0000
Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s8QFWWJ0028476 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 26 Sep 2014 11:32:33 -0400
Received: from [10.10.57.153] (vpn-57-153.rdu2.redhat.com [10.10.57.153]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s8QFWT7i032733 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 26 Sep 2014 11:32:30 -0400
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Jason Greene <jason.greene@redhat.com>
In-Reply-To: <CABcZeBPUihY6-i7EEhWq35=RNA--ZHMqnjkJQnO+_OZkfwoPdQ@mail.gmail.com>
Date: Fri, 26 Sep 2014 10:32:28 -0500
Cc: Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Michael Sweet <msweet@apple.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <FFEEC4CF-CC2A-4B68-906D-CAA4ECFC0BBD@redhat.com>
References: <F0D4BA2A-46B2-4F1A-8A23-1A319A3E5FC0@mnot.net> <CABkgnnWszVer8Y3qgmEQnxNKUhroUEeseC8JkBbGT2P6z3iZxQ@mail.gmail.com> <36736818-C125-4390-841B-94AD76A45EA0@apple.com> <67BE9032-4441-46DE-8929-A25E4FEF3CCF@redhat.com> <CABcZeBPUihY6-i7EEhWq35=RNA--ZHMqnjkJQnO+_OZkfwoPdQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
Received-SPF: pass client-ip=209.132.183.28; envelope-from=jason.greene@redhat.com; helo=mx1.redhat.com
X-W3C-Hub-Spam-Status: No, score=-7.3
X-W3C-Hub-Spam-Report: AWL=0.352, BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.703, SPF_HELO_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1XXXW3-0007Lf-4d e2d0b3b8aad6d3a22a683b0f1a79f22b
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Discussion of 9.2.2
Archived-At: <http://www.w3.org/mid/FFEEC4CF-CC2A-4B68-906D-CAA4ECFC0BBD@redhat.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/27259
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On Sep 26, 2014, at 10:09 AM, Eric Rescorla <ekr@rtfm.com> wrote: > > On Fri, Sep 26, 2014 at 7:55 AM, Jason Greene <jason.greene@redhat.com> wrote: > Has there been any discussion and buy-in with the major TLS implementers (OpenSSL, LibreSSL, Microsoft, NSS, etc) about the need to provide a characteristic-based priority and introspection API that also allows for different policies per TLS version? > > According to Michaels investigation it looks like all of them fall short of this. > > As I indicated previously, NSS provides the necessary introspection API. > > http://lists.w3.org/Archives/Public/ietf-http-wg/2014JulSep/2296.html I saw that one, but it does not seem to allow me to say aead or anything stronger. Code written against this API would fail with aero for example. So we would need an AEAD+ like construct. Today this is ok because AEAD is the latest. However, if a few months from now NSS adds it, the application will not be able to use it without a code update. > > You don't need a priority API to correctly implement these requirements, nor > do you need one that provides differential requirements for different TLS > versions (other than the ones that are encoded in the TLS specifications > and implemented by the library). Here are the requirements we have assembled: 1. A TLS 1.2 connection without an ALPN for HTTP/2 can use any cipher allowed by TLS 1.2 that has not been blacklisted as a vulnerability 2. A TLS 1.2 connection with an ALPN for HTTP/2 can only use the subset of TLS 1.2 that 9.2.2 allows. 3. A TLS 1.3 (and later) connection can negotiate any cipher allowed by the spec Further we have the existing common industry practice of separation of concerns, that an administrator can pick up new ciphers (and TLS versions), by simply updating a common TLS library on the system which is shared between application protocols (e.g. http stacks). While browsers have traditionally hard coded cipher suites, servers and other non-browser clients typically leave this to the TLS stack. Do we agree on at least this? If so, how is an API I describe not necessary to meet all of this? Is there another way I have missed? > > -Ekr > > > At a minimum we should at least have a commitment that a complete solution meeting the needs of future ciphers, legacy compatibility, and the rules of 9.2.2 will even be possible. While this still falls short of “working code”, there is at least a chance that it can be implemented without breaking standard industry usage patterns. > > On Sep 26, 2014, at 7:17 AM, Michael Sweet <msweet@apple.com> wrote: > > > I think the lead-in paragraph (everything below only applies to TLS 1.2) is confusing when the first item after it then says "this isn't just limited to TLS 1.2". Since all of the others are now explicitly TLS 1.2 requirements you can probably drop that lead-in paragraph to avoid the confusion... > > > > And FWIW I still have no interoperable way to implement these restrictions in a client or server that supports both HTTP/1.1 and HTTP/2 with the current TLS libraries, so I'll have to use the sub-optimal negotiate-and-then-give-up-forcing-a-new-connection approach if I want to enforce the 9.2.2 cipher suite and minimum TLS version requirements. > > > >> On Sep 26, 2014, at 1:08 AM, Martin Thomson <martin.thomson@gmail.com> wrote: > >> > >> On 24 September 2014 12:17, Mark Nottingham <mnot@mnot.net> wrote: > >>> <http://http2.github.io/http2-spec/#rfc.section.9.2.2> > >> > >> I've updated my pull request on this subject. There are a few > >> editorial changes in the mix, but the commit log shows exactly what > >> changes are involved: > >> > >> https://github.com/http2/http2-spec/pull/615 > >> > >> I believe that these changes resolve the issues people have raised. > >> That is, other than the one which states we shouldn't have this > >> section at all. > >> > > > > _________________________________________________________ > > Michael Sweet, Senior Printing System Engineer, PWG Chair > > > > > > -- > Jason T. Greene > WildFly Lead / JBoss EAP Platform Architect > JBoss, a division of Red Hat > > -- Jason T. Greene WildFly Lead / JBoss EAP Platform Architect JBoss, a division of Red Hat
- Discussion of 9.2.2 Mark Nottingham
- Re: Discussion of 9.2.2 Roland Zink
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Martin Thomson
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Eric Rescorla
- Re: Discussion of 9.2.2 Roland Zink
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Eric Rescorla
- Re: Discussion of 9.2.2 Michael Sweet
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Ilari Liusvaara
- Re: Discussion of 9.2.2 Patrick McManus
- Re: Discussion of 9.2.2 Mark Nottingham
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Julian Reschke
- Re: Discussion of 9.2.2 Martin Thomson
- Re: Discussion of 9.2.2 Michael Sweet
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Eric Rescorla
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Michael Sweet
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Willy Tarreau
- Re: Discussion of 9.2.2 Martin Nilsson
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Michael Sweet
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Martin Nilsson