Hi folks, I'm not sure how this process usually works, but I would like to reserve a bunch of values in the TLS registries to as part of an idea to keep our extension points working. Here's an I-D: https://tools.ietf.org/html/draft-davidben-tls-grease-00
(The name GREASE is in honor of AGL's rusted vs. well-oiled joints analogy from https://www.imperialviolet.org/2016/05/16/agility.html ) One problem we repeatedly run into is servers failing to implement TLS's various extension points correctly. The most obvious being version intolerance. When we deployed X25519 in Chrome, we discovered an intolerant implementation. (Thankfully it was rare enough to not warrant a fallback or revert!) It appears that signature algorithms maybe also be gathering rust. Ciphers and extensions seem to have held up, but I would like to ensure they stay that way. The root problem here is these broken servers interoperate fine with clients at the time they are deployed. It is only after new values get defined do we notice, by which time it is too late. I would like to fix this by reserving a few values in our registries so that clients may advertise random ones and regularly exercise these codepaths in servers. If enough of the client base does this, we can turn a large class of tomorrow's interop failures into today's interop failures. This is important because an bug will not thrive in the ecosystem if it does not work against the current deployment. If you were in Berlin, you may recognize this idea from the version negotiation debate. Alas that all happened in the wrong order as I hadn't written this up yet. This idea can't be applied to versioning without giving up on ClientHello.version, but we can start with the rest of the protocol. David PS: This is actually my first I-D, so apologies if I've messed it up somewhere!
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
