On Sat, Oct 08, 2016 at 04:32:32PM +0000, Nick Sullivan wrote: > I'm not proposing any new post-handshake authentication mechanisms or > anything relating to HTTP/2 renegotiation in this change. I'm simply making > support for the existing post-handshake messages optional. > > With this change, if the client does not opt in, unexpected > CertificateRequests are fatal to the connection. Same with unexpected > KeyUpdates and SessionTickets. This will hopefully reduce the complexity of > TLS 1.3 implementations that don't need these features.
I really don't think making KeyUpdate optional is a good idea. SessionTicket: Just don't send it / ignore it on reception. What makes CertificateRequest really annoying is that one can't just simply dismiss or NAK it. There are two messages involved, one involving a MAC. And furthermore, one must be quite careful in use of post-handshake auth to not get subtle security issues. -Ilari _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
