IETF Logo Mail Archive

Re: Discussion of 9.2.2

Jason Greene <jason.greene@redhat.com> Sat, 27 September 2014 16:38 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DFFC1A1BAF for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 27 Sep 2014 09:38:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.688
X-Spam-Level:
X-Spam-Status: No, score=-7.688 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.786, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YbkNR5bwD3ul for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 27 Sep 2014 09:38:50 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A63D71A1B9A for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sat, 27 Sep 2014 09:38:50 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XXuyj-0004UX-Cu for ietf-http-wg-dist@listhub.w3.org; Sat, 27 Sep 2014 16:36:13 +0000
Resent-Date: Sat, 27 Sep 2014 16:36:13 +0000
Resent-Message-Id: <E1XXuyj-0004UX-Cu@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <jason.greene@redhat.com>) id 1XXuyR-0004Tk-Cn for ietf-http-wg@listhub.w3.org; Sat, 27 Sep 2014 16:35:55 +0000
Received: from mx1.redhat.com ([209.132.183.28]) by maggie.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <jason.greene@redhat.com>) id 1XXuyQ-0004Cd-6f for ietf-http-wg@w3.org; Sat, 27 Sep 2014 16:35:55 +0000
Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s8RGZ2Qa005470 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Sat, 27 Sep 2014 12:35:02 -0400
Received: from [10.10.55.224] (vpn-55-224.rdu2.redhat.com [10.10.55.224]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s8RGYwtF015984 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Sat, 27 Sep 2014 12:35:00 -0400
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Jason Greene <jason.greene@redhat.com>
In-Reply-To: <20140927073925.GH26372@1wt.eu>
Date: Sat, 27 Sep 2014 11:34:58 -0500
Cc: Michael Sweet <msweet@apple.com>, Eric Rescorla <ekr@rtfm.com>, Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <C098890D-66F9-488C-9B64-219CBA0188B7@redhat.com>
References: <F0D4BA2A-46B2-4F1A-8A23-1A319A3E5FC0@mnot.net> <CABkgnnWszVer8Y3qgmEQnxNKUhroUEeseC8JkBbGT2P6z3iZxQ@mail.gmail.com> <36736818-C125-4390-841B-94AD76A45EA0@apple.com> <67BE9032-4441-46DE-8929-A25E4FEF3CCF@redhat.com> <CABcZeBPUihY6-i7EEhWq35=RNA--ZHMqnjkJQnO+_OZkfwoPdQ@mail.gmail.com> <F8A9D418-9DA2-48E9-9CD8-45F86A3B2E30@apple.com> <20140927073925.GH26372@1wt.eu>
To: Willy Tarreau <w@1wt.eu>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22
Received-SPF: pass client-ip=209.132.183.28; envelope-from=jason.greene@redhat.com; helo=mx1.redhat.com
X-W3C-Hub-Spam-Status: No, score=-7.3
X-W3C-Hub-Spam-Report: AWL=0.431, BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.862, SPF_HELO_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1XXuyQ-0004Cd-6f e58429149dab0093cb27d92242926fb5
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Discussion of 9.2.2
Archived-At: <http://www.w3.org/mid/C098890D-66F9-488C-9B64-219CBA0188B7@redhat.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/27296
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Sep 27, 2014, at 2:39 AM, Willy Tarreau <w@1wt.eu> wrote:

> On Fri, Sep 26, 2014 at 09:13:23AM -0700, Michael Sweet wrote:
>> Eric,
>> 
>> If you have a multi-protocol client that opportunistically uses HTTP/2 (which
>> will likely be the case for a very long time for any web browser at least),
>> then you can't simply require TLS/1.2 or omit non-HTTP/2 cipher suites from
>> negotiation because that will cause existing HTTP/1.1 (and SPDY) servers to
>> stop working if they don't support the specific TLS/1.2 ciphers or cannot
>> negotiate TLS/1.2 at all.
> 
> I'm suddenly wondering about something : why is it that we have to support
> different ciphers for H1 and H2 despite transporting the exact same contents ?
> If some ciphers are not acceptable for H2, that makes me think they are at
> risk for H1 as well,
> so shouldn't we say that if an agent wants to support
> H1 as a fallback to H2 during a handshake, then it should only support the
> ciphers that are compatible with both, even if this means the handshake
> might fail on some old H1 servers (hence they'll have to retry with H1 only
> and more ciphers).

It would break a large number of working H1-only clients just because the server the client is talking to also supports H2. The non-supported ciphers aren’t all bad they just aren’t state-of-art as of today.

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat

v2.46.0 | Report a Bug | By Email | System Status