On Wed, Dec 30, 2015 at 7:40 PM, Brian Smith <br...@briansmith.org> wrote:
> When you say "the plan," whose plan are you referring to? If you read that
> whole thread, there was a lot of well-founded opposition to that plan. And,
> that plan was never carried out. That is plain to see, as there was never a
> draft submitted with such a change.

I'm no expert on IETF processes, but the draft was already at a late stage when that came up, and I think it was past the point for a -12? The revision that's currently in AUTH48 with the RFC Editor contains the change from MUST to MAY.

> Not if the implementation doesn't implement RSA or finite-field DH.

I think ekr's post, just previous, reflects my understanding here. For the vast majority of implementations, session-hash is needed because non-contributory key-exchange mechanisms will be included. If you do happen to have an implementation that only implements ECDHE with cofactor 1 curves or X25519 or X448, then I guess you could get away without implementing session hash, but I'd still implement session hash anyway.

Having said that, I think I'd be fine with a TLS draft that said that the zero check should (or must) be done, because I think that it should be done in general.

Cheers

AGL

--
Adam Langley a...@imperialviolet.org https://www.imperialviolet.org

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
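The two mitigations the message contrasts, as an added worked example that is not part of the original thread or of any implementation discussed in it: a pure-Python X25519 (the RFC 7748 ladder, for illustration only and not constant-time) with the all-zero check on the shared secret that RFC 7748 section 6.1 leaves as a MAY, and the RFC 7627 extended master secret derivation that "session hash" refers to. The private keys are the RFC 7748 section 6.1 test values; the small-order inputs u = 0 and u = 1 are two of the known values that make X25519 return zero; the two session transcripts in the demo are constructed.

```python
import hashlib
import hmac

# Added example: X25519 per RFC 7748 in pure Python (reference ladder, not
# constant-time, for illustration only), the all-zero shared-secret check the
# message argues for, and the RFC 7627 "session hash" master-secret derivation.
P = 2**255 - 19
A24 = 121665
ZERO = bytes(32)


def _decode_scalar(k: bytes) -> int:
    k = bytearray(k)
    k[0] &= 248          # clear low 3 bits: the scalar becomes a multiple of 8
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def _cswap(swap: int, a: int, b: int):
    dummy = swap * ((a - b) % P)
    return (a - dummy) % P, (b + dummy) % P


def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder of RFC 7748 section 5; returns the 32-byte u-coordinate."""
    k = _decode_scalar(k)
    u = bytearray(u)
    u[31] &= 127         # ignore the unused top bit of the encoding
    x1 = int.from_bytes(u, "little")
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def shared_secret(own_private: bytes, peer_public: bytes) -> bytes:
    """Abort if the shared secret is all-zero (the optional check of RFC 7748 6.1).
    A small-order peer value is killed by the multiple-of-8 scalar, so the output
    is zero whatever our private key is: the peer alone chose the "shared" secret.
    """
    k = x25519(own_private, peer_public)
    if hmac.compare_digest(k, ZERO):   # no early-exit byte comparison
        raise ValueError("non-contributory key exchange: peer point has small order")
    return k


def peer_accepted(own_private: bytes, peer_public: bytes) -> bool:
    try:
        shared_secret(own_private, peer_public)
        return True
    except ValueError:
        return False


def tls12_prf_sha256(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256-based PRF of RFC 5246 section 5."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def extended_master_secret(pre_master: bytes, session_hash: bytes) -> bytes:
    """RFC 7627: master secret bound to the handshake transcript hash, not just
    the randoms, so a forced (e.g. zero) pre-master secret no longer yields the
    same master secret in two different sessions."""
    return tls12_prf_sha256(pre_master, b"extended master secret", session_hash, 48)


# RFC 7748 section 6.1 private keys; u = 0 and u = 1 are known small-order inputs.
ALICE_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
BOB_PRIV = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BASEPOINT = (9).to_bytes(32, "little")
SMALL_ORDER_POINTS = [ZERO, (1).to_bytes(32, "little")]

if __name__ == "__main__":
    alice_pub, bob_pub = x25519(ALICE_PRIV, BASEPOINT), x25519(BOB_PRIV, BASEPOINT)
    print("honest exchange:", shared_secret(ALICE_PRIV, bob_pub).hex())
    for pt in SMALL_ORDER_POINTS:
        print("small-order peer value accepted?", peer_accepted(ALICE_PRIV, pt))
    # constructed transcript hashes for two sessions, same forced zero pre-master
    h1, h2 = (hashlib.sha256(b"session %d" % i).digest() for i in (1, 2))
    print("EMS differs across sessions:", extended_master_secret(ZERO, h1) != extended_master_secret(ZERO, h2))
```

The zero check only covers the case the message describes (X25519/X448 or cofactor-1 curves, where a small-order input is the sole way for the peer to dictate the output); with RSA key exchange or finite-field DH the peer can steer the pre-master secret without producing zero, which is why the message wants session hash in any implementation that includes those mechanisms.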