Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

Greg Wilkins <gregw@intalio.com> Thu, 18 September 2014 00:14 UTC

Date: Thu, 18 Sep 2014 10:09:54 +1000
Message-ID: <CAH_y2NEhAEaPiUgi_vX6Oimw+Y-k3WrnL0gJZKPxQ8KZVuFVfw@mail.gmail.com>
From: Greg Wilkins <gregw@intalio.com>
To: Brian Smith <brian@briansmith.org>
Cc: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>, HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/CAH_y2NEhAEaPiUgi_vX6Oimw+Y-k3WrnL0gJZKPxQ8KZVuFVfw@mail.gmail.com>

On 18 September 2014 05:02, Brian Smith <brian@briansmith.org> wrote:

> draft 14 is clear enough for me to classify cipher suites into
> "acceptable" and "not acceptable". By default, assume that a cipher
> suite is not acceptable and you'll be fine.



So tell me how 9.2.2 defines the handling for the following situation.

Consider clients and servers written in Java, so they inherit their ciphers
from the JVM. At some stage in the future a GCM is replaced by XYZ and
added to the JVM, so it is part of the acceptable TLS ciphers, but the h2
client and server implementations have adopted your advice to "By
default, assume that a cipher suite is not acceptable". So everybody is
assuming that XYZ is not h2 acceptable.

So firstly this could be a problem if XYZ was introduced because of a
security flaw in GCM, as if implementations removed support for GCM, then we
could see a mass fallback to http/1, because TLS would not negotiate a h2
acceptable cipher.

But let's say that when this happens, we are smart and we work out that XYZ
is acceptable for h2. So we are going to modify our implementations to also
consider XYZ as h2 acceptable.

When can the server deploy XYZ h2 acceptability? If it does so before the
clients, then it will immediately lose connectivity with all clients.
If it waits until all the clients are updated, then it will be waiting
forever and the web will have reverted to http/1.1. If it goes in
between, there will always be a large subset of clients where the failure
mode is failed connection rather than fallback to old protocol or old cipher.

In short, because of 9.2.2, there is no migration path to the new XYZ cipher
that does not involve losing connectivity with a large proportion of
clients.

This is not a theoretical problem. It is a real problem that I have
experienced as FF rolled out their AEAD restriction as required by 9.2.2
before jetty had implemented the same restriction and while AEAD is not
available on java-7. I could implement the AEAD restriction in jetty now
to get connectivity with FF, but would lose connectivity with h2 clients
running java-7.

-- 
Greg Wilkins <gregw@intalio.com>
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.
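
The rollout problem described in this message, worked through as an added example that is not part of the original email or of Jetty's code. It assumes a simplified model: both peers offer h2 and http/1.1 via ALPN, the TLS stack picks the cipher suite independently of the h2 layer, and each side checks the result against its own h2-acceptable list. The suite name `TLS_ECDHE_RSA_WITH_XYZ` is a hypothetical stand-in for the email's "XYZ".

```python
# Added illustration of the 9.2.2 migration scenario; a simplified model,
# not an implementation of TLS, ALPN or any real server.
from dataclasses import dataclass

GCM = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
XYZ = "TLS_ECDHE_RSA_WITH_XYZ"  # hypothetical future suite ("XYZ" in the email)


@dataclass
class Endpoint:
    tls_ciphers: list    # suites enabled by the TLS stack (e.g. the JVM), in preference order
    h2_acceptable: set   # suites the h2 implementation treats as acceptable


def connect(client, server):
    """Return the outcome of one connection attempt in this model."""
    # TLS layer: the server takes its most preferred suite the client also offers.
    cipher = next((c for c in server.tls_ciphers if c in client.tls_ciphers), None)
    if cipher is None:
        return "tls handshake failure"
    # The server selects h2 only if the suite is on its own acceptable list.
    # It has no way to see the client's list during the handshake.
    proto = "h2" if cipher in server.h2_acceptable else "http/1.1"
    # The client checks after the handshake; a mismatch is a connection
    # error, not a fallback to another protocol or cipher.
    if proto == "h2" and cipher not in client.h2_acceptable:
        return "connection error (INADEQUATE_SECURITY)"
    return f"{proto} over {cipher}"


def rollout_matrix():
    """Outcome for every combination of updated / not-updated h2 lists."""
    jvm = [XYZ, GCM]              # assumed: both TLS stacks already ship and prefer XYZ
    old, new = {GCM}, {GCM, XYZ}  # h2-acceptable list before and after the update
    return {
        (c, s): connect(Endpoint(jvm, c_list), Endpoint(jvm, s_list))
        for c, c_list in (("old client", old), ("new client", new))
        for s, s_list in (("old server", old), ("new server", new))
    }


if __name__ == "__main__":
    for pair, outcome in rollout_matrix().items():
        print(pair, "->", outcome)
```

Only the pair where both lists are updated reaches h2; an updated server facing a not-yet-updated client ends in a failed connection, which is the case the message objects to.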