On Mon, Jul 13, 2015 at 06:10:52PM +0200, Martin Rex wrote: > Dave Garrett wrote: > > On Monday, July 13, 2015 10:30:06 am Martin Rex wrote: > >> Section 7.4.1.4 Hello Extensions and its subsections are clearly > >> IRRELEVANT for a client that does not use Hello Extensions. > > > > If you want to put it that way, sure, however they are NOT irrelevant > > for a _server_ that does use hello extensions. This is a direct part > > of the TLS 1.2 spec, > > That particular MUST in 7.4.1.4.1 is *VOID* because it is incompatible with > rfc2119 section 6. As it can be easily verified, the behaviour > described in rfc5246 is detrimental to interoperability and security.
I don't see such conflict (except with TLS 1.0/1.1 client with TLS 1.2 server). The scenarios where that sort of behaviour would cause actual interop trouble (meaning it could have worked otherwise, assuming non- buggy client/server) are: - TLS 1.0/1.1 client (ClientVersion 3.1 or 3.2) connecting to TLS 1.2 server. Or - Server cert chain contains certificates TLS 1.2+ client does not care about (e.g. TLSA or excess certificates). The proposed changes for TLS 1.3 are for the latter case. (Then there is whole separate question on how compatible inter- operability and security are, and the answer seems to be not very). -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
