> it's not IETF's fault that the implementers add unspecified by IETF
> restrictions and limitations to parsers of Client Hello messages or that
> they can't handle handshake messages split over multiple record layer
> messages, despite the standard being very explicit in that they MUST
> support this

When the failures are limited to obscure implementations, and/or popular ones with a hope of being updated, I'm in the "fix your shit" camp. When a substantial fraction of the internet breaks, this approach is less clearly the right one because it can result in the never-ending downgrade dance, or in limited deployment of new versions/ossification. I hope (with no real evidence) that, given the strong level of involvement of the major browsers in 1.3 development, advantage goes to the client.

Kyle

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls