On 09/18/2015 03:24 PM, Brian Smith wrote:
> On Fri, Sep 18, 2015 at 4:36 AM, Hubert Kario <hka...@redhat.com> wrote:
>
> > On Friday 18 September 2015 00:58:19 Martin Rex wrote:
> >
> > So yes, it's not a direct interoperability issue, but it will become one
> > in the future.
>
> Given a *conformant* TLS 1.3 implementation, that kind of
> interoperability problem could only happen if the TLS working group
> specifically designed it to happen. In particular, a conformant TLS
> 1.3 implementation must accept larger values of
> ClientHello.client_version.
>
It seems like the unstated point was that writing a conformant TLS 1.3 implementation from scratch is hard, and the only approximation to a conformance test that we have is interoperability with different TLS 1.3 implementations. We should be prepared to encounter things that are almost conformant TLS 1.3 implementations and interoperate fully, but have subtle bugs that could cause forward-incompatibilities due to undetected non-conformities. The paper shield of "but they're not conformant" does not provide much cover for us to completely ignore this possibility.

-Ben
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
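
An added example, not part of the thread and not taken from any TLS implementation, of the gap discussed above: two hypothetical server-side negotiation routines that give identical results for every version value current peers send, so interoperability testing passes both, while probing with larger ClientHello.client_version values exposes the intolerant one. The function names, the server's version set and the "future" version values are constructed for illustration.

```python
import struct

# 16-bit wire values: 0x0301 = TLS 1.0 ... 0x0303 = TLS 1.2, 0x0304 = TLS 1.3.
TLS13 = 0x0304
SERVER_VERSIONS = {0x0301, 0x0302, 0x0303, TLS13}  # assumed server support

def client_version(hello_body: bytes) -> int:
    """Read ClientHello.client_version, the first two bytes of the body."""
    if len(hello_body) < 2:
        raise ValueError("truncated ClientHello")
    return struct.unpack("!H", hello_body[:2])[0]

def negotiate_tolerant(hello_body: bytes) -> int:
    """Accept larger values: choose the highest server version <= the offer."""
    offered = client_version(hello_body)
    usable = [v for v in SERVER_VERSIONS if v <= offered]
    if not usable:
        raise ValueError("client offers only versions below our minimum")
    return max(usable)

def negotiate_intolerant(hello_body: bytes) -> int:
    """Subtle bug: any version the server does not recognize is an error."""
    offered = client_version(hello_body)
    if offered not in SERVER_VERSIONS:
        raise ValueError("unknown protocol version")
    return offered

def probe(negotiate, versions):
    """Map each offered client_version to the chosen version, or None."""
    results = {}
    for v in versions:
        # Constructed minimal body: version followed by a zeroed 32-byte random.
        body = struct.pack("!H", v) + bytes(32)
        try:
            results[v] = negotiate(body)
        except ValueError:
            results[v] = None
    return results

TODAY = [0x0301, 0x0302, 0x0303, TLS13]  # values existing peers send
FUTURE = [0x0305, 0x0400]                # constructed larger values

def forward_compatible(negotiate) -> bool:
    """True if every larger-than-known offer still negotiates TLS 1.3."""
    return all(chosen == TLS13 for chosen in probe(negotiate, FUTURE).values())
```

A conformance suite that includes the `FUTURE` probes catches the defect before deployment; a suite built only from `TODAY` cannot distinguish the two routines.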