Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

Roland Zink <roland@zinks.de> Thu, 18 September 2014 09:24 UTC

Message-ID: <541AA3EB.3070602@zinks.de>
Date: Thu, 18 Sep 2014 11:20:43 +0200
From: Roland Zink <roland@zinks.de>
To: ietf-http-wg@w3.org
References: <CAH_y2NF+sP9BmYuD4QbeHpwC_uj67itzaAFCnRVC6f--KDYOgg@mail.gmail.com> <CABkgnnWAdm1TLP2XCKNU-6RPACLfooQV73R7Gpoemv+9PNULCA@mail.gmail.com> <CAH_y2NFLjok-NRJtOw1vmSy68sf393iSOgA4K599q0BSBqbNgA@mail.gmail.com> <CABkgnnU-CMtv8KvYU9n+QoPBOBshtQv3RfLy2qw=qVNb2O-qGg@mail.gmail.com> <CAH_y2NHrbH5Objwhq9E89QexhQtND4uOdy8q7OEckTCU17WqKg@mail.gmail.com> <CAH_y2NErRd4rxinSzEH3-uTjdWVkZu9o6sSKSf47LxfPFTRONw@mail.gmail.com> <20140917073241.GA7665@LK-Perkele-VII> <CAFewVt4pxE+9NpzYuzMKGmEdrDXzk50mC99ZbrM6M-uEoKXrHA@mail.gmail.com> <CAH_y2NGYcDvPcxDvaTRBP3p4Pnb7gw39WUDY3bNVnOGQjBgciQ@mail.gmail.com> <CAFewVt7+UAJYfKAR6DRZi_mqdzSaYw6L-pT1qg=UyOaP1ojhTw@mail.gmail.com> <CAH_y2NEhAEaPiUgi_vX6Oimw+Y-k3WrnL0gJZKPxQ8KZVuFVfw@mail.gmail.com> <CABkgnnU6C+TzJzdeQZhwXucuPUrPh1yyp1cpRd9jSePMjAnONQ@mail.gmail.com> <541A653C.4050903@gmail.com> <CAH_y2NFKqH8HGfXk0VR2BZ3n1vKPXeQkM0-qVjGhnz_TFGAwew@mail.gmail.com> <CAH_hAJHrhY1nQAHQ_o0uVPuqccLDzYAyNEuZ6q1Dh4ePDBKA_A@mail.gmail.com>
In-Reply-To: <CAH_hAJHrhY1nQAHQ_o0uVPuqccLDzYAyNEuZ6q1Dh4ePDBKA_A@mail.gmail.com>
Subject: Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem
Archived-At: <http://www.w3.org/mid/541AA3EB.3070602@zinks.de>

I think the goal of section 9.2.2 is laudable. But I'm not sure if the 
layering is ok. When this is done within TLS, say with TLS 1.3, then the 
problem would vanish and the http2 layer wouldn't need to worry about it.

Roland


On 18.09.2014 10:33, Cory Benfield wrote:
> Greg, I'm genuinely sympathetic to your original complaint. I've had 
> problems with cipher suites as well, and have accepted that the best I 
> can do is fail if the server screwed up. I don't like that approach. 
> But I think the goal of section 9.2.2 is laudable and I'd be loath to 
> remove it without replacing it with something equally important.
>
> Cory
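The check the thread is arguing about, as an added example that is not code from the thread, from Firefox or from Jetty: after the TLS handshake, an h2 endpoint looks at the negotiated protocol version and cipher suite and, in the form the draft's section 9.2.2 had at the time (TLS 1.2 or later, ephemeral key exchange, AEAD cipher), either proceeds or fails the connection with INADEQUATE_SECURITY, which is the "fail if the server screwed up" outcome Cory describes. The suite names follow the IANA TLS registry naming pattern; the client and server preference lists are constructed to reproduce the interop failure mode in the subject line and are not either implementation's real configuration. The TLS 1.3 branch shows Roland's point that the check becomes a no-op once every suite is AEAD with ephemeral key exchange.

```python
"""Added example (not from the thread, Firefox or Jetty): the post-handshake
cipher-suite check an h2 endpoint makes under draft section 9.2.2, plus a
small model of TLS 1.2 server-side suite selection to show how a client
that offers CBC suites as a fallback still ends up on a rejected suite."""
import re

INADEQUATE_SECURITY = 0xC          # h2 error code used in the GOAWAY/RST

EPHEMERAL_KX = {"ECDHE", "DHE"}    # forward-secret key exchange families
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20_POLY1305")

# TLS 1.2-style names look like TLS_<kx>_WITH_<cipher>; TLS 1.3 names
# (TLS_AES_128_GCM_SHA256, ...) carry no key-exchange part at all.
_SUITE = re.compile(r"^TLS_(?P<kx>[A-Za-z0-9_]+)_WITH_(?P<cipher>[A-Z0-9_]+)$")


def classify(version, suite):
    """Return (acceptable, reason) for a negotiated (version, suite) pair."""
    if version == "TLSv1.3":
        # Every TLS 1.3 suite is AEAD and every handshake is (EC)DHE, so
        # there is nothing left for the h2 layer to check.
        return True, "TLS 1.3: AEAD and ephemeral key exchange by construction"
    if version != "TLSv1.2":
        return False, f"{version} is below the TLS 1.2 floor"
    if not suite:
        return False, "no cipher suite in common"
    m = _SUITE.match(suite)
    if m is None:
        return False, f"unrecognised suite name {suite!r}"
    kx, cipher = m.group("kx"), m.group("cipher")
    if kx.split("_")[0] not in EPHEMERAL_KX:
        return False, f"static key exchange ({kx})"
    if not any(marker in cipher for marker in AEAD_MARKERS):
        return False, f"non-AEAD cipher ({cipher})"
    return True, "ephemeral key exchange with an AEAD cipher"


def h2_post_handshake(version, suite):
    """None when the h2 connection may proceed, else the error code to send."""
    ok, _ = classify(version, suite)
    return None if ok else INADEQUATE_SECURITY


def negotiate(client_offer, server_prefs):
    """TLS 1.2 selection as most servers do it: walk the server's own
    preference order and take the first suite the client also offered."""
    offered = set(client_offer)
    for suite in server_prefs:
        if suite in offered:
            return suite
    return None


# Constructed lists (hypothetical, not a real Firefox or Jetty config).
# The client puts AEAD suites first but keeps CBC suites so that it can
# still talk HTTP/1.1 to older servers; TLS has no way to say "offer CBC
# only if ALPN does not pick h2", so a CBC-preferring server lands the
# handshake on a suite that 9.2.2 rejects.
CLIENT_OFFER = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
SERVER_PREFS_BAD = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
SERVER_PREFS_FIXED = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
]


def simulate(server_prefs, version="TLSv1.2"):
    """Run suite selection, then the 9.2.2 check; returns (suite, error)."""
    suite = negotiate(CLIENT_OFFER, server_prefs)
    return suite, h2_post_handshake(version, suite)


if __name__ == "__main__":
    for label, prefs in (("server preferring CBC", SERVER_PREFS_BAD),
                         ("server preferring AEAD", SERVER_PREFS_FIXED)):
        suite, err = simulate(prefs)
        verdict = "ok" if err is None else f"INADEQUATE_SECURITY (0x{err:x})"
        print(f"{label}: {suite} -> {verdict}; {classify('TLSv1.2', suite)[1]}")
```

The server-side `negotiate` model is the ordinary "server preference wins" rule, which is why the client cannot repair this on its own: it can only detect the bad outcome after the handshake and tear the connection down, exactly the behaviour the thread is unhappy about.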