On Wed, Dec 13, 2017 at 5:39 PM Hanno Böck <ha...@hboeck.de> wrote:

> Hi,
>
> The deployment of TLS 1.3 was delayed because Internet middleboxes
> broke when they saw unknown TLS data.
>
> I guess it's plausible to assume that the same problem will show up
> with compressed certificates. Has any thought been given to that?
>

Everything after the ServerHello in TLS 1.3 is encrypted. A non-terminating middlebox cannot mess with it, and a correctly-implemented terminating middlebox would just not negotiate the extension.

As for TLS 1.2, I do not think this specification has any hope of being deployable in TLS 1.2. We would only negotiate it in TLS 1.3 for BoringSSL. This isn't much of a loss as this requires a code change to deploy anyway, and the code change may as well carry TLS 1.3 too.

(To that end, it may be better to explicitly say in the document that the extension applies to TLS 1.3 only, so other folks don't try to deploy it at TLS 1.2 and have things break in buggy non-compliant networks they aren't testing in.)

David

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls