On Thursday, October 22, 2015 09:29:22 am Eric Rescorla wrote:
> From an implementation perspective, I wouldn't be surprised if client
> implementations choked on the server sending this.
[...]

Hence my side-note that we should be explicit that it's for TLS 1.3+ (even if it's implicit elsewhere).

On Thursday, October 22, 2015 01:36:18 pm Martin Rex wrote:
> Andrei Popov wrote:
> > Then my argument would be: why send extra bytes in each ServerHello
> > when TLS client auth is not used most of the time? In this case,
> > CertificateRequest seems to be a better place.
>
> I'm perfectly OK with the server _not_ sending/including a TLS extension
> "Supported Elliptic Curves" in ServerHello if the server is not going
> to request a client certificate.

Yes, I would expect we want it in TLS 1.3+ ServerHello (or EncryptedExtensions) IFF the server is going to request a client cert.

Dave