On Thu, Oct 22, 2015 at 10:36 AM, Martin Rex <m...@sap.com> wrote: > Andrei Popov wrote: > > > > Then my argument would be: why send extra bytes in each ServerHello > > when TLS client auth is not used most of the time? In this case, > > CertificateRequest seems to be a better place. > > I'm perfectly OK with the server _not_ sending/including a TLS extension > "Supported Elliptic Curves" in ServerHello if the server is not going > to request a client certificate. > > This is first of all about a fully backwards-compatible change of the > protocol, which does not need to be seperately negotiated, and which > is optional to use (for the server). >
It's not clear that it's in fact backwards compatible, since this is an undefined area in the spec. As I mentioned earlier, I wasn't sure how NSS behaved here and so before we even considered this [and I would still have to test to be totally sure] and we would need to take some sort of measurement from servers to determine that this does not cause bustage. By including the information in "CertificateRequest", it will be > necessary to change the CertificateRequest PDU, and that will require > a new negotiation of such a changed PDU for existing TLS protocol > versions (TLSv1.0/1.1/1.2). > We are already changing CertificateRequest in TLS 1.3 and we could (and probably should do nothing for previous versions of TLS). -Ekr
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
