Andrei Popov wrote: > > Then my argument would be: why send extra bytes in each ServerHello > when TLS client auth is not used most of the time? In this case, > CertificateRequest seems to be a better place.
I'm perfectly OK with the server _not_ sending/including a TLS extension "Supported Elliptic Curves" in ServerHello if the server is not going to request a client certificate. This is first of all about a fully backwards-compatible change of the protocol, which does not need to be seperately negotiated, and which is optional to use (for the server). By including the information in "CertificateRequest", it will be necessary to change the CertificateRequest PDU, and that will require a new negotiation of such a changed PDU for existing TLS protocol versions (TLSv1.0/1.1/1.2). Conveying the information through ServerHello should work just fine with existing implementations, does not need any additional negotiation through ClientHello&ServerHello and does not need to change an existing PDU (CertificateRequest). -Martin _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
