Re: Discussion of 9.2.2
Greg Wilkins <gregw@intalio.com> Sun, 28 September 2014 02:16 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA2F21A0103 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 27 Sep 2014 19:16:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.065
X-Spam-Level:
X-Spam-Status: No, score=-7.065 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.786, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id detqTtgwuAEr for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 27 Sep 2014 19:16:15 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5016F1A0018 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sat, 27 Sep 2014 19:16:15 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XY3z4-0001sM-M7 for ietf-http-wg-dist@listhub.w3.org; Sun, 28 Sep 2014 02:13:10 +0000
Resent-Date: Sun, 28 Sep 2014 02:13:10 +0000
Resent-Message-Id: <E1XY3z4-0001sM-M7@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <gregw@intalio.com>) id 1XY3yX-0001pv-9F for ietf-http-wg@listhub.w3.org; Sun, 28 Sep 2014 02:12:37 +0000
Received: from mail-pd0-f180.google.com ([209.85.192.180]) by maggie.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <gregw@intalio.com>) id 1XY3yW-0002La-0Y for ietf-http-wg@w3.org; Sun, 28 Sep 2014 02:12:37 +0000
Received: by mail-pd0-f180.google.com with SMTP id fp1so1199824pdb.11 for <ietf-http-wg@w3.org>; Sat, 27 Sep 2014 19:12:09 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=YAJzppUNMlt/GUuZjCIlBlenOn3T3OgzLDFZ1HngACk=; b=HI7hBH8Sta+/Toz0kp3LYLWQAdPxPe1oroFtgyP3t+I+RHig7sMgBZZXua+APtScvt 5tQl9jblcV/vuzrAPQ8v1QpPJ5I7LM97ithONJ+rw3xW/r0cM6Us4BQM15N93qLbDKxv QnJ/NyvWEbtwFdxOaGdlJCe0Y/LuOTKhfYj6nrpauzrfEqkKD+k72e4Ru23HEeDarRni e4aRYwZ/RcX+n/c200+qQgkoIzmUUgjrN/zeESc9ECX9e+xEdhj7i+LL3xmGS7qjc5CF H5Ycik7XvmhBrdwJ/wbeP8nJk/IfeOO5xZUQzJHCEYMn2YfI3/Gv8zHe5m/J40VHQjpF mwJA==
X-Gm-Message-State: ALoCoQm77PXRGmyz35JlTyLJzct30P1m+iag3H7fN27k85K6nH5Nz2ogy9INOWfdcyL/QSO0e5Li
MIME-Version: 1.0
X-Received: by 10.66.236.38 with SMTP id ur6mr46718390pac.49.1411870328913; Sat, 27 Sep 2014 19:12:08 -0700 (PDT)
Received: by 10.70.28.227 with HTTP; Sat, 27 Sep 2014 19:12:08 -0700 (PDT)
In-Reply-To: <op.xmurz3mxiw9drz@uranium.sthat4.btopenzone.com>
References: <F0D4BA2A-46B2-4F1A-8A23-1A319A3E5FC0@mnot.net> <CABkgnnWszVer8Y3qgmEQnxNKUhroUEeseC8JkBbGT2P6z3iZxQ@mail.gmail.com> <CAH_y2NEvsTaZQpfAajycuo9xqKqd3Pu9aCtVGZLZez7Ux=p+Yw@mail.gmail.com> <op.xmurz3mxiw9drz@uranium.sthat4.btopenzone.com>
Date: Sun, 28 Sep 2014 12:12:08 +1000
Message-ID: <CAH_y2NGo8XtqH=g=8hx3Uf-JQfpsAaVsefyQoC02Yo9X4bX8jA@mail.gmail.com>
From: Greg Wilkins <gregw@intalio.com>
To: Martin Nilsson <nilsson@opera.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="001a1137f2906c960a050416ad1e"
Received-SPF: permerror client-ip=209.85.192.180; envelope-from=gregw@intalio.com; helo=mail-pd0-f180.google.com
X-W3C-Hub-Spam-Status: No, score=-4.7
X-W3C-Hub-Spam-Report: AWL=-2.138, BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7
X-W3C-Scan-Sig: maggie.w3.org 1XY3yW-0002La-0Y 2133cfb3868bd0e31a31a86549fc8d3a
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Discussion of 9.2.2
Archived-At: <http://www.w3.org/mid/CAH_y2NGo8XtqH=g=8hx3Uf-JQfpsAaVsefyQoC02Yo9X4bX8jA@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/27301
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On 28 September 2014 01:58, Martin Nilsson <nilsson@opera.com> wrote: > Do you believe we will intentionally release a new cipher that isn't > strong enough to be acceptable for HTTP/2? If no, then there isn't a > problem here. That is not the failure mode that we have been talking about. It is not that the new keys are likely to be weak. It is in fact because they are almost certainly going to be strong, but might not match the 9.2.2 description of what a strong cipher is. Repeated description of the issue follows... please skip if you have got it. Once you have string keys that don't clearly fit the 9.2.2 description of what string is, then you get problems because the handshake is fragile and depends on non ambiguous interpretation of 9.2.2 to work out which ciphers are only there for h1 fallback. If such new ciphers come along, implementations of 9.2.2 will need to be revised and as those implementations are rolled out, we will have interop failures because some servers will wrongly assume that a new strong 9.2.2 dubious cipher is being offered for h2 by an updated client when it is in fact being offered as a h1 fallback cipher. Ie are we 100% certain that all future strong ciphers will pass: isEphemeral() && !isBlock() && !isStream()? What about the alternate implementation of this that we have seen in FF of isEphemeral() && isAEAD() - will that be true for all strong ciphers for the life of h2? Nobody has yet said why we cannot just make the handshake non-fragile. I've offered several suggestion for that: a) white list of know h1 fallback ciphers b) update ALPN to indicate which ciphers are acceptable for each offered protocol c) do a h1 only retry handshake d) move the 9.2.2 requirement that applies equally to h1 and h2 -- Greg Wilkins <gregw@intalio.com> http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales http://www.webtide.com advice and support for jetty and cometd.
- Discussion of 9.2.2 Mark Nottingham
- Re: Discussion of 9.2.2 Roland Zink
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Martin Thomson
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Eric Rescorla
- Re: Discussion of 9.2.2 Roland Zink
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Eric Rescorla
- Re: Discussion of 9.2.2 Michael Sweet
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Ilari Liusvaara
- Re: Discussion of 9.2.2 Patrick McManus
- Re: Discussion of 9.2.2 Mark Nottingham
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Julian Reschke
- Re: Discussion of 9.2.2 Martin Thomson
- Re: Discussion of 9.2.2 Michael Sweet
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Eric Rescorla
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Michael Sweet
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Willy Tarreau
- Re: Discussion of 9.2.2 Martin Nilsson
- Re: Discussion of 9.2.2 Jason Greene
- Re: Discussion of 9.2.2 Michael Sweet
- Re: Discussion of 9.2.2 Greg Wilkins
- Re: Discussion of 9.2.2 Martin Nilsson