Re: Discussion of 9.2.2
Michael Sweet <msweet@apple.com> Fri, 26 September 2014 12:22 UTC
From: Michael Sweet <msweet@apple.com>
In-reply-to: <CABkgnnWszVer8Y3qgmEQnxNKUhroUEeseC8JkBbGT2P6z3iZxQ@mail.gmail.com>
Date: Fri, 26 Sep 2014 05:17:51 -0700
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-id: <36736818-C125-4390-841B-94AD76A45EA0@apple.com>
References: <F0D4BA2A-46B2-4F1A-8A23-1A319A3E5FC0@mnot.net> <CABkgnnWszVer8Y3qgmEQnxNKUhroUEeseC8JkBbGT2P6z3iZxQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Subject: Re: Discussion of 9.2.2
Archived-At: <http://www.w3.org/mid/36736818-C125-4390-841B-94AD76A45EA0@apple.com>

I think the lead-in paragraph (everything below only applies to TLS 1.2) is confusing when the first item after it then says "this isn't just limited to TLS 1.2". Since all of the others are now explicitly TLS 1.2 requirements you can probably drop that lead-in paragraph to avoid the confusion...

And FWIW I still have no interoperable way to implement these restrictions in a client or server that supports both HTTP/1.1 and HTTP/2 with the current TLS libraries, so I'll have to use the sub-optimal negotiate-and-then-give-up-forcing-a-new-connection approach if I want to enforce the 9.2.2 cipher suite and minimum TLS version requirements.

> On Sep 26, 2014, at 1:08 AM, Martin Thomson <martin.thomson@gmail.com> wrote:
>
> On 24 September 2014 12:17, Mark Nottingham <mnot@mnot.net> wrote:
>> <http://http2.github.io/http2-spec/#rfc.section.9.2.2>
>
> I've updated my pull request on this subject. There are a few
> editorial changes in the mix, but the commit log shows exactly what
> changes are involved:
>
> https://github.com/http2/http2-spec/pull/615
>
> I believe that these changes resolve the issues people have raised.
> That is, other than the one which states we shouldn't have this
> section at all.
>

_________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair
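
An added illustration of the negotiate-then-give-up approach described in the message above (not code from the message or from any HTTP/2 implementation): a client offers both protocols through ALPN, inspects the finished handshake, and redials with HTTP/1.1 only when `h2` was selected on an unacceptable TLS session. The acceptance rule (TLS 1.2 or later, ephemeral key exchange, AEAD cipher) is an assumed stand-in for the section 9.2.2 text, which the message does not quote, and the function names are hypothetical.

```python
import socket
import ssl

# Assumed stand-in for the 9.2.2 rules (not quoted in the message above):
# TLS 1.2 or later, ephemeral key exchange, AEAD cipher.
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")
VERSION_RANK = {"TLSv1": 0, "TLSv1.1": 1, "TLSv1.2": 2, "TLSv1.3": 3}

def meets_h2_profile(version, cipher):
    """Check a negotiated (version, OpenSSL cipher name) pair."""
    if VERSION_RANK.get(version, -1) < VERSION_RANK["TLSv1.2"]:
        return False
    if version == "TLSv1.3":
        return True  # every TLS 1.3 suite is AEAD with ephemeral keys
    ephemeral = cipher.startswith(("ECDHE-", "DHE-"))
    return ephemeral and any(m in cipher for m in AEAD_MARKERS)

def decide(alpn, version, cipher):
    """Return 'h2', 'http/1.1', or 'reconnect' for a finished handshake."""
    if alpn != "h2":
        return "http/1.1"          # no ALPN result, or HTTP/1.1 was chosen
    return "h2" if meets_h2_profile(version, cipher) else "reconnect"

def connect(host, port=443, offer=("h2", "http/1.1")):
    """Handshake, then give up and redial without h2 if the profile fails."""
    ctx = ssl.create_default_context()
    ctx.set_alpn_protocols(list(offer))
    raw = socket.create_connection((host, port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    verdict = decide(tls.selected_alpn_protocol(), tls.version(), tls.cipher()[0])
    if verdict == "reconnect":
        tls.close()                # the cost: a second TCP + TLS handshake
        return connect(host, port, offer=("http/1.1",))
    return tls, verdict

# Constructed handshake results, not captured from any real server.
SAMPLES = [
    ("h2", "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("h2", "TLSv1.2", "ECDHE-RSA-AES256-SHA384"),   # CBC suite, not AEAD
    ("h2", "TLSv1.2", "AES128-GCM-SHA256"),         # static RSA key exchange
    ("http/1.1", "TLSv1", "AES256-SHA"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", decide(*s))
```

The check can only run after the handshake because ALPN selection and cipher selection happen in the same negotiation, which is why a failed check costs a whole new connection.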