Re: Ciphersuite requirements ext#26

Martin Thomson <martin.thomson@gmail.com> Wed, 20 August 2014 00:06 UTC

In-Reply-To: <FC74AEF6-1FE4-42D2-AE40-6628872568C1@mnot.net>
References: <CABkgnnVXt0EoHW5TSJmYy+Y5qQt5ocuBQ+eMzPdaraD5rZDHng@mail.gmail.com> <FC74AEF6-1FE4-42D2-AE40-6628872568C1@mnot.net>
Date: Tue, 19 Aug 2014 17:03:34 -0700
Message-ID: <CABkgnnVX05SfHLMo4tt=vyF5XQqO7DC2embcEPkvJcFeYt3K6w@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://www.w3.org/mid/CABkgnnVX05SfHLMo4tt=vyF5XQqO7DC2embcEPkvJcFeYt3K6w@mail.gmail.com>

On 19 August 2014 16:59, Mark Nottingham <mnot@mnot.net> wrote:
> So, are we saying that oppsec defers to the specific protocol negotiated for any ciphersuite requirements (e.g., h2 has a very specific high bar, while http/1.1-over-tls has none)?

Yes.  Though I'd take exception at that latter statement.  http/1.1
doesn't have no requirements, just none from the protocol itself.  We
might not have eliminated RC4 just yet, but we have managed to get rid
of the obviously bad stuff (like RC2 and DES).