I generally agree with David here.

-Ekr

P.S. Back in Seattle, we had rough consensus to change the alert
requirements [0] so that you didn't have to send alerts, but if you sent
an alert, you had to send alert X. That's been on the TODO list for a
while but expect a PR soon.

[0] https://github.com/tlswg/tls13-spec/issues/254

On Tue, Jul 12, 2016 at 6:58 PM, David Benjamin <david...@chromium.org> wrote:

> Hey folks,
>
> I would like to remove the missing_extension MUSTs on the server side.
> Full justification in the PR.
> https://github.com/tlswg/tls13-spec/pull/544
>
> On the client, it is perfectly feasible to mandate a particular alert
> value. The check is very straightforward. On the server, however, this is
> a mistake. Servers do not necessarily have full information if not all
> advertised ciphers are known, and a natural implementation of the
> negotiation algorithm will not output this case. Even without this clause,
> the handshake is already required to fail, so there is no risk of invalid
> clients being deployed.
>
> Adding more complexity to an already hairy negotiation algorithm (the
> pseudocode I mentioned is incomplete) just to diagnose what is an invalid
> ClientHello anyway is not worth it. It buys too little for the complexity
> cost.
>
> David
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>
>