On 17 March 2017 at 11:22, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> Is that from actually trying it with clients, or just assuming that
> implementations will do what the spec says?

I know for certain that NSS explodes. Not from trying, but from knowing that part of the code very well. I'm fairly certain that boringSSL does too, knowing David.

You say negative utility, but I've found that if you can get away with stricter policing of these things, it helps prevent servers from starting to do the wrong thing. The odds that someone tests a new server implementation against major browsers are fairly good.

In any case, what would you expect a client to do if they don't advertise the extension? In this case, max_fragment_length is so badly designed that you can actually argue that it has utility, but I don't consider that as a good argument for the general case.