On 20/07/17 15:40, Paul Turner wrote:
> I’m assuming that you’re referring to multiple nations being between
> the TLS client and server. If a TLS client is set to not include the
> extension, it seems the TLS client would simply close the connection.
> It seems the client could choose whether it wanted to appease the
> nation states. 

Through how many nation states did this email travel between you
and me? Mail is maybe worse than the web, but that's just with our
current deployments but who knows when they'll migrate a 5G VM for
a web server close to my base station?

I'd assert there's no way TLS clients in general could know when
to set or unset the "please wiretap me" evil bit in a ClientHello,
regardless of how complex a configuration is used.

Cheers,
S.


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls