Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem
Greg Wilkins <gregw@intalio.com> Mon, 22 September 2014 22:09 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1FF01A1B36 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 22 Sep 2014 15:09:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.065
X-Spam-Level:
X-Spam-Status: No, score=-7.065 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.786, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y3uhZxQTtPi1 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 22 Sep 2014 15:09:10 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5C9C1A036E for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 22 Sep 2014 15:09:09 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XWBki-0007iB-0o for ietf-http-wg-dist@listhub.w3.org; Mon, 22 Sep 2014 22:06:36 +0000
Resent-Date: Mon, 22 Sep 2014 22:06:36 +0000
Resent-Message-Id: <E1XWBki-0007iB-0o@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <gregw@intalio.com>) id 1XWBkM-0007hB-9Z for ietf-http-wg@listhub.w3.org; Mon, 22 Sep 2014 22:06:14 +0000
Received: from mail-wg0-f52.google.com ([74.125.82.52]) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <gregw@intalio.com>) id 1XWBkL-0001Q2-0B for ietf-http-wg@w3.org; Mon, 22 Sep 2014 22:06:14 +0000
Received: by mail-wg0-f52.google.com with SMTP id n12so1735946wgh.23 for <ietf-http-wg@w3.org>; Mon, 22 Sep 2014 15:05:46 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Dn43txv23sD9E4184ivf28YxiILgQGsbf6499OsQUv8=; b=V4EBDFmjcLJWHCuhYIMMzzlLdjwHnKSot58AruH4dcvCXF1n9hONdVntU48RrJSUD7 w6MwQkXhi0jTn4qMsqpVSSd/0AnIfCIlX/mxIQl00yL6wtd/ygH130l09EUNWn7Fw2Gw L4Hb92pB5ObIobUAcq3NJAo7yJ1LMuWSH6Tc2WBT1Czf1yP8jxKfxmAuxtuQ35+PtzN2 DbGmM8BpXhs8IJC8CDnhtsgyorgTkaIx0Br8XcDoSte9yK4UtQl5wFPR6J4dGc/jzXxr jS5sm36aC5XP5Ft+K9OtW7feVXuE2NGpXTZd+w/iyYLevWFz5gDAjgQwpAK3vhvHDlpK a2Gg==
X-Gm-Message-State: ALoCoQkbo3tTMvVEL0So3i/CNhjw56qrWMYecU4LAKhto9bvcY3vtKbvubYoQg3hB5cnlNvBktgJ
MIME-Version: 1.0
X-Received: by 10.180.75.143 with SMTP id c15mr18586693wiw.31.1411423546425; Mon, 22 Sep 2014 15:05:46 -0700 (PDT)
Received: by 10.194.169.98 with HTTP; Mon, 22 Sep 2014 15:05:45 -0700 (PDT)
In-Reply-To: <CABcZeBO8R9NLcwsNNKqPVZexw3duTe5Crneke8T1DOzs4wmBWg@mail.gmail.com>
References: <CAH_y2NF+sP9BmYuD4QbeHpwC_uj67itzaAFCnRVC6f--KDYOgg@mail.gmail.com> <CAOdDvNopynmwvwWLXvuC0q7skunFXcfRoVHe9s7BKcoCwaBgWQ@mail.gmail.com> <CAH_y2NGXz7e3ejqy_rD=39=yYp3+cS1Dm6c3yFEYZg6tsUp5VQ@mail.gmail.com> <CABkgnnWAdm1TLP2XCKNU-6RPACLfooQV73R7Gpoemv+9PNULCA@mail.gmail.com> <CAH_y2NFLjok-NRJtOw1vmSy68sf393iSOgA4K599q0BSBqbNgA@mail.gmail.com> <CABkgnnU-CMtv8KvYU9n+QoPBOBshtQv3RfLy2qw=qVNb2O-qGg@mail.gmail.com> <CAH_y2NHrbH5Objwhq9E89QexhQtND4uOdy8q7OEckTCU17WqKg@mail.gmail.com> <CAH_y2NErRd4rxinSzEH3-uTjdWVkZu9o6sSKSf47LxfPFTRONw@mail.gmail.com> <20140917073241.GA7665@LK-Perkele-VII> <CAFewVt4pxE+9NpzYuzMKGmEdrDXzk50mC99ZbrM6M-uEoKXrHA@mail.gmail.com> <CAH_y2NGYcDvPcxDvaTRBP3p4Pnb7gw39WUDY3bNVnOGQjBgciQ@mail.gmail.com> <CAFewVt7+UAJYfKAR6DRZi_mqdzSaYw6L-pT1qg=UyOaP1ojhTw@mail.gmail.com> <CAH_y2NEhAEaPiUgi_vX6Oimw+Y-k3WrnL0gJZKPxQ8KZVuFVfw@mail.gmail.com> <CABkgnnU6C+TzJzdeQZhwXucuPUrPh1yyp1cpRd9jSePMjAnONQ@mail.gmail.com> <CAOdDvNrdrBNi0kZDorR+8K-5-sPFipVr=U0kx5r56oPX_LhJSA@mail.gmail.com> <CAH_y2NH=skUXk0QwCs4uVqWE=iOLhi5K+kvARDUQ7uMeogrw9A@mail.gmail.com> <CABcZeBPvQfkqnPkfzY53RVAHNw0govmp8p8obvp99w8zs4=RKw@mail.gmail.com> <D7B49F55-663F-4005-AD06-7E4057491608@redhat.com> <CABcZeBO8R9NLcwsNNKqPVZexw3duTe5Crneke8T1DOzs4wmBWg@mail.gmail.com>
Date: Tue, 23 Sep 2014 08:05:45 +1000
Message-ID: <CAH_y2NH79D61t3gA6HK3UAEgptC4qO2dxS5rKXFUdy__ueP-+w@mail.gmail.com>
From: Greg Wilkins <gregw@intalio.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Jason Greene <jason.greene@redhat.com>, Patrick McManus <pmcmanus@mozilla.com>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="f46d043895551ccfed0503aea774"
Received-SPF: permerror client-ip=74.125.82.52; envelope-from=gregw@intalio.com; helo=mail-wg0-f52.google.com
X-W3C-Hub-Spam-Status: No, score=-3.8
X-W3C-Hub-Spam-Report: AWL=-3.101, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7
X-W3C-Scan-Sig: lisa.w3.org 1XWBkL-0001Q2-0B 13a7bb1c245cf94895a5458caf62f3fd
X-Original-To: ietf-http-wg@w3.org
Subject: Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem
Archived-At: <http://www.w3.org/mid/CAH_y2NH79D61t3gA6HK3UAEgptC4qO2dxS5rKXFUdy__ueP-+w@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/27155
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On 23 September 2014 03:29, Eric Rescorla <ekr@rtfm.com> wrote: > I think we're talking past each other here. Indeed that appears to be a problem when discussing complex issues such as TLS. Different opinions or levels of understanding can exist and that may result in different implementations or at least different adoption rates. When presented with that situation we should have a spec that will degrade gracefully rather than just fail? While I favour dropping 9.2.2 I have suggested many other options that will avoid communication failure. Surely those that think we should be making additional crypto requirements need to come up with a proposal that does not result in communication failures? Note that it may be true that the TLS implementation has full knowledge if a cipher it is using is AEAD or not, but that does not mean that the h2 protocol above it can access that knowledge. You suggest that in the offloaded case, it is the TLS implementation itself that will have to know h2's requirements for ciphers. Isn't that entirely inverted logic? Also h2 might just be a carrier for yet another protocol (via a connect pipe), if that protocol follows the precedent set here, the the TLS layer is going to have to know the crypto requirements of protocols within protocols. I think it is unworkable.... but let's follow our charter to determine if it really is. Our charter says that we should be coordinating the TLS working group and let's see if they are happy to insist that TLS police application protocol crypto requirements. regards -- Greg Wilkins <gregw@intalio.com> http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
- 9.2.2 Cipher fallback and FF<->Jetty interop prob… Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Brian Smith
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Brian Smith
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Amos Jeffries
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Ilari Liusvaara
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Brian Smith
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Cory Benfield
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Brian Smith
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Stuart Douglas
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Cory Benfield
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roy T. Fielding
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roy T. Fielding
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Ilari Liusvaara
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Stuart Douglas
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Cory Benfield
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Stuart Douglas
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Amos Jeffries
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Cory Benfield
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Ilari Liusvaara
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roy T. Fielding
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jim Manico
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Mark Nottingham
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Patrick McManus
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Willy Tarreau
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Julian Reschke
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Jason Greene
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Greg Wilkins
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Amos Jeffries
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Amos Jeffries
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Stuart Douglas
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Roland Zink
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Simone Bordet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Michael Sweet
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Eric Rescorla
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Andrei Popov
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … Martin Thomson
- RE: 9.2.2 Cipher fallback and FF<->Jetty interop … Rob Trace
- Re: 9.2.2 Cipher fallback and FF<->Jetty interop … John Mattsson