Sounds reasonable. One concern is the F5 bug's failure mode was a timeout rather than an error, so, if you take away padding, the allowance in C.3 will not save heterogenous deployments where some servers do 1.3 and some are old F5 servers. But given we're talking about a straight-up server bug now, it seems reasonable for a client to say, okay, I will try to account for heterogenous 1.2 and 1.3 deployments because that's kinda operationally tricky, but if you've got that F5 bug, please fix it already.
David On Sun, Oct 30, 2016 at 6:03 AM Martin Thomson <martin.thom...@gmail.com> wrote: (Trivial optimization warning) Just perusing my draft and noticed that NSS pads a 0-RTT handshake, which is not that surprising given that it's fairly beefy (it will get even larger in -18). Since a 0-RTT handshake will break servers that don't at least superficially understand TLS 1.3, maybe we could avoid pading in this case. Is there any reason we shouldn't include that advice in the draft? _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
