Thanks for the info. I see a pull request has just been submitted already: https://github.com/tlswg/tls13-spec/pull/1116
On Tue, Dec 5, 2017 at 1:03 AM, Eric Rescorla <e...@rtfm.com> wrote:

> On Mon, Dec 4, 2017 at 1:59 AM, Alex C <immi...@gmail.com> wrote:
>
>> The obvious problem with randomly adding fake versions is you have to
>> have a way of ensuring they won't conflict with *real* future versions -
>> and whatever pattern you decide upon in order to do that, middleboxes will
>> use that pattern to filter out fake versions, and fail as soon as you
>> present one with a real future version (i.e. TLS 1.4).
>>
>> Can I also suggest adding a section about expected middlebox behaviour to
>> TLS 1.3? That way there is a reasonable chance that TLS 1.4 won't face the
>> same issues.
>> (Or can I do that myself? I'm not really familiar with the process, sorry)
>
> Yes, you can send a PR at:
> https://github.com/tlswg/tls13-spec/
>
> -Ekr
>
>> On Sat, Nov 25, 2017 at 8:21 AM, Yuhong Bao <yuhongbao_...@hotmail.com>
>> wrote:
>>
>>> That only applies to the ClientHello.
>>>
>>> ________________________________________
>>> From: Andrei Popov <andrei.po...@microsoft.com>
>>> Sent: Wednesday, November 22, 2017 11:22:23 AM
>>> To: Yuhong Bao; Peter Saint-Andre; Eric Rescorla
>>> Cc: tls@ietf.org; Tapio Sokura
>>> Subject: RE: [TLS] PR#1091: Changes to provide middlebox robustness
>>>
>>> The idea was for the client to randomly add non-existent TLS versions to
>>> supported_versions.
>>> Presumably, this will exercise the extensibility joint and prevent it
>>> from becoming unusable.
>>>
>>> I'm not convinced this new approach will help, but we know the old one
>>> required fallbacks every time a new protocol version was introduced.
>>>
>>> Cheers,
>>>
>>> Andrei
>>>
>>> -----Original Message-----
>>> From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Yuhong Bao
>>> Sent: Wednesday, November 22, 2017 11:04 AM
>>> To: Peter Saint-Andre <stpe...@stpeter.im>; Eric Rescorla <e...@rtfm.com>
>>> Cc: tls@ietf.org; Tapio Sokura <tapio.sok...@iki.fi>
>>> Subject: Re: [TLS] PR#1091: Changes to provide middlebox robustness
>>>
>>> They are basically doing a supported_versions extension with only one
>>> entry in the ServerHello.
>>> The problem with future middleboxes should be obvious.
>>>
>>> ________________________________________
>>> From: Peter Saint-Andre <stpe...@stpeter.im>
>>> Sent: Wednesday, November 22, 2017 11:02:39 AM
>>> To: Yuhong Bao; Eric Rescorla
>>> Cc: tls@ietf.org; Tapio Sokura
>>> Subject: Re: [TLS] PR#1091: Changes to provide middlebox robustness
>>>
>>> On 11/22/17 11:16 AM, Yuhong Bao wrote:
>>> > The problem is not TLS 1.3, the problem is future versions of TLS.
>>>
>>> Would you mind explaining that in more detail?
>>>
>>> Peter
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
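
The concern raised in this thread, as an added example that is not code from any participant or from the TLS 1.3 specification: an endpoint that ignores unknown supported_versions values keeps working, while a box that tolerates only values matching the "fake" pattern breaks on the first real new version. Assumptions: the fake pattern is the reserved set from RFC 8701 (0x0A0A through 0xFAFA), 0x0305 is a hypothetical stand-in for "TLS 1.4", and pattern_filtering_middlebox is a constructed model, not a real product.

```python
import struct

TLS12, TLS13 = 0x0303, 0x0304
HYPOTHETICAL_TLS14 = 0x0305  # assumption: stand-in for a real future version
KNOWN = frozenset({0x0301, 0x0302, TLS12, TLS13})

def is_reserved_fake(v):
    """RFC 8701 reserved pattern: both bytes equal, low nibble 0xA."""
    return (v >> 8) == (v & 0xFF) and (v & 0x0F) == 0x0A

def encode(versions):
    """ClientHello supported_versions body: 1-byte length, 2-byte versions."""
    return bytes([2 * len(versions)]) + struct.pack(f"!{len(versions)}H", *versions)

def parse(body):
    """Return the offered versions, rejecting a bad or odd length prefix."""
    if len(body) < 3 or body[0] != len(body) - 1 or body[0] % 2:
        raise ValueError("malformed supported_versions")
    return list(struct.unpack(f"!{body[0] // 2}H", body[1:]))

def tolerant_select(offered, supported=KNOWN):
    """Endpoint that ignores every value it does not implement."""
    common = [v for v in offered if v in supported]
    return max(common) if common else None

def pattern_filtering_middlebox(offered):
    """Constructed model: forwards only known or reserved-pattern values."""
    return all(v in KNOWN or is_reserved_fake(v) for v in offered)

# Constructed sample ClientHello extension bodies.
TODAY = encode([0x3A3A, TLS13, TLS12])
FUTURE = encode([0x1A1A, HYPOTHETICAL_TLS14, TLS13])

if __name__ == "__main__":
    for name, body in (("today", TODAY), ("future", FUTURE)):
        offered = parse(body)
        print(name, [hex(v) for v in offered],
              "selected:", hex(tolerant_select(offered)),
              "middlebox forwards:", pattern_filtering_middlebox(offered))
```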