IETF Logo Mail Archive

Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

Patrick McManus <pmcmanus@mozilla.com> Thu, 18 September 2014 14:07 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77B6C1A0196 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 18 Sep 2014 07:07:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.931
X-Spam-Level:
X-Spam-Status: No, score=-7.931 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.652, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ncjfQD5PACx for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 18 Sep 2014 07:07:38 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0440E1A8820 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 18 Sep 2014 07:07:37 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XUcK7-0002Qe-Ky for ietf-http-wg-dist@listhub.w3.org; Thu, 18 Sep 2014 14:04:39 +0000
Resent-Date: Thu, 18 Sep 2014 14:04:39 +0000
Resent-Message-Id: <E1XUcK7-0002Qe-Ky@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <pmcmanus@mozilla.com>) id 1XUcJX-0002Dq-Vu for ietf-http-wg@listhub.w3.org; Thu, 18 Sep 2014 14:04:04 +0000
Received: from li629-102.members.linode.com ([192.155.95.102] helo=linode64.ducksong.com) by lisa.w3.org with esmtp (Exim 4.72) (envelope-from <pmcmanus@mozilla.com>) id 1XUcJR-0007ku-Tt for ietf-http-wg@w3.org; Thu, 18 Sep 2014 14:04:03 +0000
Received: from mail-qa0-f43.google.com (mail-qa0-f43.google.com [209.85.216.43]) by linode64.ducksong.com (Postfix) with ESMTPSA id 190ED3A020 for <ietf-http-wg@w3.org>; Thu, 18 Sep 2014 10:03:36 -0400 (EDT)
Received: by mail-qa0-f43.google.com with SMTP id x12so1113245qac.2 for <ietf-http-wg@w3.org>; Thu, 18 Sep 2014 07:03:35 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.229.212.66 with SMTP id gr2mr8926832qcb.27.1411049015835; Thu, 18 Sep 2014 07:03:35 -0700 (PDT)
Received: by 10.140.27.198 with HTTP; Thu, 18 Sep 2014 07:03:35 -0700 (PDT)
In-Reply-To: <CAH_y2NEHZbWLof=ZWEa2UdjBw1Bf+kQCHzPkrhcSU80WaDibeA@mail.gmail.com>
References: <CAH_y2NF+sP9BmYuD4QbeHpwC_uj67itzaAFCnRVC6f--KDYOgg@mail.gmail.com> <CAOdDvNopynmwvwWLXvuC0q7skunFXcfRoVHe9s7BKcoCwaBgWQ@mail.gmail.com> <CAH_y2NGXz7e3ejqy_rD=39=yYp3+cS1Dm6c3yFEYZg6tsUp5VQ@mail.gmail.com> <CABkgnnWAdm1TLP2XCKNU-6RPACLfooQV73R7Gpoemv+9PNULCA@mail.gmail.com> <CAH_y2NFLjok-NRJtOw1vmSy68sf393iSOgA4K599q0BSBqbNgA@mail.gmail.com> <CABkgnnU-CMtv8KvYU9n+QoPBOBshtQv3RfLy2qw=qVNb2O-qGg@mail.gmail.com> <CAH_y2NHrbH5Objwhq9E89QexhQtND4uOdy8q7OEckTCU17WqKg@mail.gmail.com> <CAH_y2NErRd4rxinSzEH3-uTjdWVkZu9o6sSKSf47LxfPFTRONw@mail.gmail.com> <20140917073241.GA7665@LK-Perkele-VII> <CAFewVt4pxE+9NpzYuzMKGmEdrDXzk50mC99ZbrM6M-uEoKXrHA@mail.gmail.com> <CAH_y2NGYcDvPcxDvaTRBP3p4Pnb7gw39WUDY3bNVnOGQjBgciQ@mail.gmail.com> <CAFewVt7+UAJYfKAR6DRZi_mqdzSaYw6L-pT1qg=UyOaP1ojhTw@mail.gmail.com> <CAH_y2NEhAEaPiUgi_vX6Oimw+Y-k3WrnL0gJZKPxQ8KZVuFVfw@mail.gmail.com> <CABkgnnU6C+TzJzdeQZhwXucuPUrPh1yyp1cpRd9jSePMjAnONQ@mail.gmail.com> <CAH_y2NEHZbWLof=ZWEa2UdjBw1Bf+kQCHzPkrhcSU80WaDibeA@mail.gmail.com>
Date: Thu, 18 Sep 2014 10:03:35 -0400
Message-ID: <CAOdDvNrdrBNi0kZDorR+8K-5-sPFipVr=U0kx5r56oPX_LhJSA@mail.gmail.com>
From: Patrick McManus <pmcmanus@mozilla.com>
To: Greg Wilkins <gregw@intalio.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="001a11339b5859837c0503577309"
Received-SPF: none client-ip=192.155.95.102; envelope-from=pmcmanus@mozilla.com; helo=linode64.ducksong.com
X-W3C-Hub-Spam-Status: No, score=-4.0
X-W3C-Hub-Spam-Report: AWL=-2.114, BAYES_00=-1.9, HTML_MESSAGE=0.001
X-W3C-Scan-Sig: lisa.w3.org 1XUcJR-0007ku-Tt f329828f9da0a782967b66d75ed96650
X-Original-To: ietf-http-wg@w3.org
Subject: Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem
Archived-At: <http://www.w3.org/mid/CAOdDvNrdrBNi0kZDorR+8K-5-sPFipVr=U0kx5r56oPX_LhJSA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/27122
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hi Greg,

This thread is suffering a bit from wall-of-text syndrome for me. Is this
the main point below?

On Thu, Sep 18, 2014 at 12:18 AM, Greg Wilkins <gregw@intalio.com> wrote:

>
> Exactly my point!!!!  If implementations pickup XYZ and some
> know it is OK but some don't, then we have connection failure.
>
>
The scenario as I understand it is:
1] some new XYZ is in fact h2 appropriate by 9.2.2,
2] a client handshake offers both XYZ and GCM along with h2 and h1
3] the server selects XYZ+h2 (which meet the requirements of h2 - good job)
4] The client's h2 stack, expecting GCM, is not aware that XYZ satisfies
9.2.2 so it generates an h2 INADEQUATE_SECURITY

I would say that's an implementation bug in the client.

I think its an interesting editorial point to call out that you really do
need to understand the properties of the ciphers you offer to negotiate
because of the constraints of 9.2.2 - at least along the dimensions that
9.2.2 deals with.


> it is impossible to know what all clients out there think is an acceptable
> protocol+cipher combination.
>
>
Implementations (and I think this applies equally to clients and servers)
are buggy if they generate INADEQUATE_SECURITY on connections that meet the
requirements of 9.2.2. This is not impossible to do right because the
negotiation is always an intersection of the things the client and server
both know. I acknowledge that some languages and frameworks will need more
work than others to satisfy it - I don't find that an especially important
argument in this context as we've already included requirements that
require significant changes to existing widely deployed frameworks (e.g.
ALPN).

I understand that 9.2.2 requires us to support GCM, but the example of
> moving from
> java7 with CDC to java 8 GCM has shown a real interoperability problem as
> we lost
> connectivity with FF because it has implemented the GCM restriction before
> we have.
>

I read this as you've had some interop problems because of buggy pioneer
implementations and evolving draft requirements - imo that's to be expected
at this stage of the process, not something to worry about maximizing
compatibility with. if the Java 7 app wasn't using an AEAD algorithm with
h2 then it was buggy, just like the old firefox nightlies that would allow
h2 to be negotiated with non-aead suites were buggy (I don't say that
pejoratively - bugs are just par for the course at this stage, its just
compatibility with buggy draft-level implementations doesn't really need to
be a constraint on the protocol definition.)

-P

v2.39.1 | Report a Bug | By Email | System Status