Re: Discussion of 9.2.2

Patrick McManus <mcmanus@ducksong.com> Thu, 25 September 2014 17:50 UTC

From: Patrick McManus <mcmanus@ducksong.com>
To: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Cc: Eric Rescorla <ekr@rtfm.com>, Greg Wilkins <gregw@intalio.com>, Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Archived-At: <http://www.w3.org/mid/CAOdDvNrRdGxtVhuKFHhT0g+9RwGDdn8SYSpeGfsBq1+XQv3ewQ@mail.gmail.com>

On Thu, Sep 25, 2014 at 6:33 PM, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote:

>
> > >
> > >    isAEAD()
> > >
> > > when it should be:
> > >
> > >    !isBlock() && !isStream()
> > >
> > > The former is an interoperability problem for future acceptable non-AEAD
> > > ciphers, while the latter is not.
> > >
> >
> > Trying to think this through....
> >
> > Isn't that only true if we add a new non-AEAD ciphersuite in NSS and then
> > forget to update the code in Firefox?
>
> Nope. Somebody WILL dynamically link the TLS libraries if the platform
> supports dynamic linkage at all (and most non-constrained stuff does).
>
> And even if stock Firefox statically links NSS, there is at least one
> rebranded one (checked the memory map) that dynamically links system
> NSS (hello version skew!).

Firefox explicitly enables the cipher suites it supports - that isn't left
to the defaults of NSS.
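
The two predicates quoted in this thread, compared side by side as an added example (not code from the thread, NSS or Firefox). The `FUTURE` kind and the `TLS_EXAMPLE_WITH_FUTURE_MODE` name are hypothetical placeholders for a future acceptable non-AEAD suite, and `negotiable` is a hypothetical helper modelling an application that enables suites by name instead of inheriting library defaults.

```python
from dataclasses import dataclass
from enum import Enum


class Kind(Enum):
    BLOCK = "block"
    STREAM = "stream"
    AEAD = "aead"
    FUTURE = "future"  # hypothetical: acceptable, but none of the three above


@dataclass(frozen=True)
class Suite:
    name: str
    kind: Kind


# Constructed sample: what a (possibly dynamically linked) TLS library offers.
LIBRARY_SUITES = [
    Suite("TLS_RSA_WITH_AES_128_CBC_SHA", Kind.BLOCK),
    Suite("TLS_RSA_WITH_RC4_128_SHA", Kind.STREAM),
    Suite("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", Kind.AEAD),
    Suite("TLS_EXAMPLE_WITH_FUTURE_MODE", Kind.FUTURE),  # placeholder name
]


def is_aead(suite):
    """First form quoted in the thread: isAEAD()."""
    return suite.kind is Kind.AEAD


def not_block_or_stream(suite):
    """Second form quoted in the thread: !isBlock() && !isStream()."""
    return suite.kind not in (Kind.BLOCK, Kind.STREAM)


def disagreements(suites):
    """Suites on which two peers, one per predicate, reach different verdicts."""
    return [s.name for s in suites if is_aead(s) != not_block_or_stream(s)]


def negotiable(library_suites, app_enabled):
    """Suites an application can negotiate when it enables suites by name
    rather than taking whatever the linked library turns on by default."""
    return [s.name for s in library_suites if s.name in app_enabled]
```

The predicates diverge only on the placeholder suite, and that suite becomes negotiable only if the application's explicit list names it.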