I can't help but notice the text:
"Versions of TLS before 1.3 supported compression with the list of supported
compression methods being sent in this field. For every TLS 1.3 ClientHello,
this vector MUST contain exactly one byte set to zero, which corresponds to the
“null” compression method in prior versions of TLS. If a TLS 1.3 ClientHello is
received with any other value in this field, the server MUST abort the
handshake with an “illegal_parameter” alert. Note that TLS 1.3 servers might
receive TLS 1.2 or prior ClientHellos which contain other compression methods
and MUST follow the procedures for the appropriate prior version of TLS."
IMO, the compression methods section of ClientHello should be ignored as
mentioned by Martin Rex.
It may be too late for that, but RC4 IMO should be a SHOULD NOT not a MUST NOT.
One reason for that is that it is not broken the way that say 56-bit encryption
is.
From: TLS <tls-boun...@ietf.org> on behalf of Joseph Salowey <j...@salowey.net>
Sent: Wednesday, October 26, 2016 7:56 PM
To: tls@ietf.org
Subject: [TLS] Working Group Last Call for draft-ietf-tls-tls13-18
This is a working group last call announcement for draft-ietf-tls-tls13-18, to
run through November 20. If possible, we would like to receive comments on the
list by November 13 so they can be discussed at the meeting in Seoul. We hope
to address any substantive issues raised during that process shortly thereafter.
In order to allow for cryptographic review, we will delay submission of the
draft to the IESG until the end of January 2017; there will be an opportunity
to address any issues discovered by the cryptographic community prior to
submission to the IESG.
Cheers,
Joe
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
