> -----Original Message-----
> From: ilariliusva...@welho.com [mailto:ilariliusva...@welho.com]
> Sent: Monday, February 19, 2018 9:51 AM
> To: Jim Schaad <i...@augustcellars.com>
> Cc: 'Martin Thomson' <martin.thom...@gmail.com>; tls@ietf.org; draft-ietf-tls-record-li...@ietf.org
> Subject: Re: [TLS] Mail regarding draft-ietf-tls-record-limit
>
> On Mon, Feb 19, 2018 at 09:27:14AM -0800, Jim Schaad wrote:
> >
> >
> > > -----Original Message-----
> > > From: ilariliusva...@welho.com [mailto:ilariliusva...@welho.com]
> > > Sent: Monday, February 19, 2018 9:18 AM
> > > To: Jim Schaad <i...@augustcellars.com>
> > > Cc: 'Martin Thomson' <martin.thom...@gmail.com>; tls@ietf.org;
> > > draft-ietf-tls-record-li...@ietf.org
> > > Subject: Re: [TLS] Mail regarding draft-ietf-tls-record-limit
> > >
> > > On Mon, Feb 19, 2018 at 08:31:53AM -0800, Jim Schaad wrote:
> > > > Martin,
> > > >
> > > > I think that the wording I would prefer would be along the lines
> > > > of
> > > >
> > > > A server MUST NOT error on the value of the extension when a
> > > > higher TLS version is requested. The server MUST use the minimum
> > > > of the requested value and the maximum value for the TLS version
> > > > negotiated.
> > > > A server MAY error if the value of the extension is exceeded for
> > > > the version of TLS requested.
> > >
> > > You need to consider the case where there is some unknown-to-server
> > > extension that happens to alter the limit.
> >
> > I am not sure how, as that server, I could possibly do that. I
> > can't act on something I don't understand.
>
> Because the server cannot know the semantics of unknown extensions, it has
> to assume any such can alter the maximum limit. Of course, when it comes to
> that, the server could just not error on too large limits regardless of other
> extensions.
But if the server does not understand the new extension, then it would not
be returned to the client, so that the client would understand how the server
decided on the maximum value that it is going to use for the client. The
client can then abort the connection if it does not like the new limit.
However, I think that this would only affect the MAY in the proposed text.

Jim

>
>
> -Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
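Worked example, added here and not code from the draft or from any participant in the thread: a server-side function that applies the wording Jim proposes (never error merely because a higher version was requested; use the minimum of the requested value and the negotiated version's maximum; optionally error when the value exceeds the maximum for the version the client actually asked for) and, via a `strict` flag, Ilari's alternative of never erroring on too-large values at all. The per-version maxima (2^14 for TLS 1.2 and earlier, 2^14+1 for TLS 1.3, which counts the content-type byte) are those of draft-ietf-tls-record-limit; the function and type names, the tuple version encoding and the sample inputs are this example's own.

```python
"""Server handling of a client's record_size_limit value, per the wording
proposed in the thread. Added example; names and inputs are constructed."""
from dataclasses import dataclass
from typing import Dict, Optional, Sequence, Tuple

Version = Tuple[int, int]
TLS12: Version = (3, 3)
TLS13: Version = (3, 4)

# Largest record_size_limit an endpoint may advertise for each version.
# TLS 1.3 limits include the content type byte, hence the extra 1.
MAX_LIMIT: Dict[Version, int] = {
    TLS12: 2**14,       # TLS 1.2 and earlier
    TLS13: 2**14 + 1,   # TLS 1.3
}


@dataclass
class Outcome:
    version: Optional[Version]  # negotiated version; None if the handshake fails
    limit: Optional[int]        # effective record_size_limit the server honours
    alert: Optional[str]        # alert description to send instead, if any


def negotiate(client_versions: Sequence[Version],
              requested_limit: int,
              server_versions: Sequence[Version],
              strict: bool = True) -> Outcome:
    """Pick the protocol version and the effective record size limit.

    strict=True  -> the proposed MAY: reject a value that exceeds the maximum
                    for the highest version the client requested.
    strict=False -> Ilari's alternative: never reject a too-large value,
                    since an extension the server does not understand might
                    legitimately raise the maximum; just clamp it.
    """
    # The limit was sized for the highest version the client offered.
    highest_offered = max(client_versions)

    # Negotiate the highest version both sides support.
    common = [v for v in client_versions if v in server_versions]
    if not common:
        return Outcome(None, None, "protocol_version")
    negotiated = max(common)

    # MAY error: too large even for the version the client asked for.
    if strict and requested_limit > MAX_LIMIT[highest_offered]:
        return Outcome(None, None, "illegal_parameter")

    # MUST NOT error merely because a higher version than the one negotiated
    # was requested; MUST use min(requested, maximum for negotiated version).
    effective = min(requested_limit, MAX_LIMIT[negotiated])
    return Outcome(negotiated, effective, None)


if __name__ == "__main__":
    # Constructed sample: a TLS 1.3-capable client sizes its limit for 1.3,
    # but the server only speaks 1.2, so the value is clamped, not rejected.
    print(negotiate([TLS12, TLS13], 2**14 + 1, [TLS12]))
    # A 1.2-only client sending the 1.3 maximum: rejected under the MAY,
    # clamped under the lenient policy.
    print(negotiate([TLS12], 2**14 + 1, [TLS12, TLS13], strict=True))
    print(negotiate([TLS12], 2**14 + 1, [TLS12, TLS13], strict=False))
```

The `strict` switch is the whole point of the disagreement: under the proposed MAY the server rejects a value it can prove too large for what the client requested, while under Ilari's reading the server admits it cannot prove that once unknown extensions are in play and only clamps.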