Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

Mark Nottingham <mnot@mnot.net> Mon, 22 September 2014 22:59 UTC

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 22 Sep 2014 15:55:41 -0700
Cc: Eric Rescorla <ekr@rtfm.com>, Jason Greene <jason.greene@redhat.com>, Patrick McManus <pmcmanus@mozilla.com>, HTTP Working Group <ietf-http-wg@w3.org>
To: Greg Wilkins <gregw@intalio.com>
Archived-At: <http://www.w3.org/mid/FA7FA184-0A14-498D-80EC-B1A5A8C5AC39@mnot.net>

On 22 Sep 2014, at 3:05 pm, Greg Wilkins <gregw@intalio.com> wrote:
> 
> I think it is unworkable.... but let's follow our charter to determine if it really is.  Our charter says that we should be coordinating the TLS working group and let's see if they are happy to insist that TLS police application protocol crypto requirements.

Greg, this was all done with deep involvement from the TLS WG; Eric was chair at the time, and now the document editor for 1.3.

There may be some mitigations we can introduce to make this easier for you. Dropping 9.2.2 isn’t on the table here — it’s been discussed for quite some time, with input from TLS and SECAREA, and has strong support. 

One thing that I’ve heard is requiring clients to offer the “good” suites first, to promote interop. Does anyone see a downside to doing that?

The other is making all of 9.2.2 (and maybe 9.2.1) specific to TLS 1.2; i.e., to let TLS 1.3 and beyond control their own destiny.

Regards (and about to get on a plane),

--
Mark Nottingham   http://www.mnot.net/