Re: Discussion of 9.2.2

Jason Greene <jason.greene@redhat.com> Thu, 25 September 2014 17:24 UTC

From: Jason Greene <jason.greene@redhat.com>
In-Reply-To: <CABkgnnV0HFeshNAe9CAzFDeED6Os_GmG6kxm827N18wduCkjiA@mail.gmail.com>
Date: Thu, 25 Sep 2014 12:20:03 -0500
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <C3FE3757-2BED-41F6-8D2C-C36E29C5C950@redhat.com>
References: <F0D4BA2A-46B2-4F1A-8A23-1A319A3E5FC0@mnot.net> <CABkgnnV0HFeshNAe9CAzFDeED6Os_GmG6kxm827N18wduCkjiA@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <http://www.w3.org/mid/C3FE3757-2BED-41F6-8D2C-C36E29C5C950@redhat.com>

On Sep 25, 2014, at 3:30 AM, Martin Thomson <martin.thomson@gmail.com> wrote:

> Based on this discussion, I think that there needs to be a d) here
> where we note that implementations MUST NOT offer cipher suites where
> these properties (PFS, stream/block mode) are unknown.  This was an
> assumption on my part that turns out to be important.  With that
> change, I think that the concern about fragility becomes immaterial.

That doesn’t really solve the problem. If you are implementing an H2 stack where the TLS stack it is used with does not provide the rich APIs I described in my previous email, then the only way to meet this requirement is for the H2 stack to specify a whitelist of all ciphers (as doing that suggests it is aware of the properties). Once it white-lists, future ciphers used by peers that meet the AEAD (or greater) test will fail.

To use an example:

1. H2 stack X, running on System A, hard-codes all known H2-compliant 1.2 ciphers
2. Time goes by, and a new stronger cipher C is released (either based on AERO, or maybe just a new AEAD cipher in 1.3)
3. System B is a high security site and only allows cipher C
4. The administrator on System A installs a TLS stack update to latest 1.3, which contains cipher C, so that A can talk to B
5. A now can’t talk to B, and the administrator can’t figure out why, and probably begrudges the switch to H2

On the other hand, if stack X had simply ignored 9.2.2, it all would have worked out fine. 

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
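
Added example, not part of the original message: a small simulation of the five-step scenario above, comparing a frozen allowlist inside the H2 stack with a property-based filter and with no filter at all. The suite list, the placeholder name for cipher C, the `pfs`/`aead` flags (standing in for what a richer TLS API would report) and all function names are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class Suite(NamedTuple):
    name: str
    pfs: bool   # ephemeral key exchange (forward secrecy)
    aead: bool  # AEAD rather than plain stream/block mode

# Constructed sample data. The flags stand in for what a TLS stack with a
# rich enough API would report about each suite (an assumption).
TLS_BEFORE = [
    Suite("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", True, True),
    Suite("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", True, True),
    Suite("TLS_RSA_WITH_AES_128_CBC_SHA", False, False),
]
CIPHER_C = Suite("TLS_PLACEHOLDER_WITH_CIPHER_C", True, True)  # not a real suite
TLS_AFTER = TLS_BEFORE + [CIPHER_C]   # System A after the TLS stack update
SYSTEM_B = [CIPHER_C.name]            # high-security peer: cipher C only

# Step 1: stack X freezes the compliant suites it knew about at release time.
H2_ALLOWLIST = frozenset(s.name for s in TLS_BEFORE if s.pfs and s.aead)

def offer_allowlist(tls):
    """H2 stack filters the TLS stack's suites through its hard-coded list."""
    return [s.name for s in tls if s.name in H2_ALLOWLIST]

def offer_by_property(tls):
    """H2 stack asks the TLS stack for each suite's properties instead."""
    return [s.name for s in tls if s.pfs and s.aead]

def offer_unfiltered(tls):
    """H2 stack ignores 9.2.2 and offers whatever the TLS stack supports."""
    return [s.name for s in tls]

def negotiate(offer, peer_accepts) -> Optional[str]:
    """Return the peer's first acceptable suite that was offered, else None."""
    return next((n for n in peer_accepts if n in offer), None)

def scenario():
    """Steps 4 and 5: A has the updated TLS stack and connects to B."""
    return {
        "allowlist": negotiate(offer_allowlist(TLS_AFTER), SYSTEM_B),
        "by_property": negotiate(offer_by_property(TLS_AFTER), SYSTEM_B),
        "unfiltered": negotiate(offer_unfiltered(TLS_AFTER), SYSTEM_B),
    }

if __name__ == "__main__":
    for policy, result in scenario().items():
        print(f"{policy:12} -> {result or 'handshake failure'}")
```

Only the allowlist policy fails after the update, because the TLS stack gained cipher C but the H2 stack's frozen list still strips it from the offer.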