Re: [TLS] Mail regarding draft-ietf-tls-record-limit

2018-02-19 Thread Ilari Liusvaara
> > Because the server can not know the semantics of unknown extensions, it has > > to assume any such can alter the maximum limit. Of cou

Re: [TLS] Mail regarding draft-ietf-tls-record-limit

2018-02-19 Thread Benjamin Kaduk
>> On Mon, Feb 19, 2018 at 09:27:14AM -0800, Jim Schaad wrote:

Re: [TLS] Mail regarding draft-ietf-tls-record-limit

2018-02-19 Thread Jim Schaad
> > > On Mon, Feb 19, 2018 at 08:31:53AM -0800, Jim

Re: [TLS] Mail regarding draft-ietf-tls-record-limit

2018-02-19 Thread Ilari Liusvaara
> > On Mon, Feb 19, 2018 at 08:31:53AM -0800, Jim Schaad wrote: > > > Martin, > > > > > > I think that the wording I

Re: [TLS] Mail regarding draft-ietf-tls-record-limit

2018-02-19 Thread Jim Schaad

Re: [TLS] Mail regarding draft-ietf-tls-record-limit

2018-02-19 Thread Ilari Liusvaara
On Mon, Feb 19, 2018 at 08:31:53AM -0800, Jim Schaad wrote: > Martin, > > I think that the wording I would prefer would be along the lines of > > A server MUST NOT error on the value of the extension when a higher > TLS version is requested. The server MUST use the minimum of the > requested va

Re: [TLS] Mail regarding draft-ietf-tls-record-limit

2018-02-19 Thread Jim Schaad
Martin, I think that the wording I would prefer would be along the lines of A server MUST NOT error on the value of the extension when a higher TLS version is requested. The server MUST use the minimum of the requested value and the maximum value for the TLS version negotiated. A server MAY

Re: [TLS] Mail regarding draft-ietf-tls-record-limit

2018-02-19 Thread Benjamin Kaduk
On 02/19/2018 04:14 AM, Martin Thomson wrote: > (+tls@) > > This is a good question Jim and one that I thought through during > implementation, but failed to capture in the doc. > > Basically, there is no way to validate the extension if the client > includes an unknown version of TLS or an extensi

Re: [TLS] Mail regarding draft-ietf-tls-record-limit

2018-02-19 Thread Martin Thomson
(+tls@) This is a good question Jim and one that I thought through during implementation, but failed to capture in the doc. Basically, there is no way to validate the extension if the client includes an unknown version of TLS or an extension that it doesn't understand. A client can know because