On Thursday, August 27, 2015 03:26:03 pm Eric Rescorla wrote:
> My problem is precisely the conflation of offering with negotiating. The way
> that many stacks work (for instance NSS) is that they negotiate the cipher
> suite *first* and then they check for the presence or absence of the relevant
> extensions. It's not clear to me that it's an improvement to require them to
> check for error conditions that are not otherwise relevant.

I'm not fundamentally opposed to having a hard requirement of an error check on 
negotiation, and basically a soft expectation on mere offering (SHOULD, MAY, or 
not mentioned; stern warning and shake of finger). That said, categorizing the 
cipher suites and just doing a quick check for which categories are there and 
what extensions came with it is not a very complicated requirement. I'm 
philosophically in the "do it right or explode so it can be found and fixed 
immediately" camp when it comes to very clear requirements like this, but I'm 
aware that this is sadly not always the dominant thought process. :|


Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
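
The two checking policies discussed in this thread, as an added example that is not part of the original messages and not code from NSS or any other TLS stack. The cipher suite and extension code points are the IANA values; the table saying which category requires which extension is an assumption made for illustration, as are all function names.

```python
# Added illustration. The category -> required-extension table below is an
# assumption made for this example; the thread does not list the requirements.
SUPPORTED_GROUPS = 10      # IANA ExtensionType (formerly elliptic_curves)
SIGNATURE_ALGORITHMS = 13  # IANA ExtensionType

SUITE_CATEGORY = {         # a few IANA cipher suite code points
    0xC02B: "ecdhe",       # TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    0xC02F: "ecdhe",       # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    0x009E: "dhe",         # TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    0x009C: "rsa",         # TLS_RSA_WITH_AES_128_GCM_SHA256
}
REQUIRED = {               # assumed requirements per category
    "ecdhe": {SUPPORTED_GROUPS, SIGNATURE_ALGORITHMS},
    "dhe": {SIGNATURE_ALGORITHMS},
    "rsa": set(),
}

def missing_extensions(suites, extensions):
    """Map each category present in `suites` to the extension ids it lacks."""
    problems = {}
    for suite in suites:
        category = SUITE_CATEGORY.get(suite)
        if category is None:
            continue  # unknown suites are ignored, as in normal negotiation
        missing = REQUIRED[category] - set(extensions)
        if missing:
            problems[category] = sorted(missing)
    return problems

def check_on_offer(offered, extensions):
    """Strict policy: every offered category must come with its extensions."""
    return missing_extensions(offered, extensions)

def check_on_negotiation(offered, extensions, server_prefs):
    """Negotiate-first policy: pick a suite, then check only that suite."""
    selected = next((s for s in server_prefs if s in offered), None)
    if selected is None:
        return None, {}
    return selected, missing_extensions([selected], extensions)

# Constructed ClientHello: offers ECDHE and RSA suites, omits supported_groups.
OFFERED = [0xC02F, 0x009C]
EXTENSIONS = [SIGNATURE_ALGORITHMS]

if __name__ == "__main__":
    print(check_on_offer(OFFERED, EXTENSIONS))
    print(check_on_negotiation(OFFERED, EXTENSIONS, [0x009C, 0xC02F]))
    print(check_on_negotiation(OFFERED, EXTENSIONS, [0xC02F, 0x009C]))
```

With the constructed hello, the check on offer always reports the missing extension, while the negotiate-first check reports it only when the server's preference order happens to select the ECDHE suite.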