On 17 October 2015 at 12:03, Eric Rescorla <e...@rtfm.com> wrote:
>> Just a single
>> fixed pattern signalling ">= 1.3" would then suffice.
>
> If you wanted to cover 1.2 -> 1.1, then you would want this.

The observation is still valuable in the sense that prohibiting values > 1.3 would reduce the likelihood of a false positive by some minuscule amount.

In other words, I agree with ekr here, though we could cap the value to 1.3. Maybe we could just define two values: one for TLS 1.3 (and greater, presumably) and one for TLS 1.2. I don't see any value in protecting 1.1 or 1.0 from downgrade any more given the relative prevalence of those protocols and their age.