On Wed, Feb 13, 2019 at 06:39:03AM -0800, Eric Rescorla wrote:
> On Wed, Feb 13, 2019 at 4:12 AM Hubert Kario <hka...@redhat.com> wrote:
>
> > you are not suggesting that which value will be used (from first or second
> > CH), or if the connection will be aborted, to be implementation dependent
> > *by design*, do you?
>
> I'm not sure I understand your question, but I'll try to answer what I
> think it says.
>
> 1. I do think that whether you continue the connection or abort it is an
> implementation decision and I think that the way the spec is written says
> that.
> 2. I think the spec leaves open whether you should use the first or second
> values, but I think implementations should use the second value. It's not
> clear why one would want to use the first.
One reason is that if one has state-machine handshake processing, it is not difficult to do all the negotiation on the first pass, and then only grab the share on the second pass, if it was missing (as it is the only retry condition). That is what I initially implemented in the TLS library I did (later versions use a stateless approach, with checks that the CHs match).

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
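The two server designs Ilari contrasts, as an added example that is not part of the thread and not code from his library or any real TLS stack: a toy model of a TLS 1.3 server receiving the second ClientHello (CH2) after HelloRetryRequest. The "stateful" server negotiates everything from CH1 and only takes the key share from CH2, so anything else the client changed in CH2 is silently overridden by CH1's values; the "stateless" server keeps nothing between the flights except an HMAC cookie over the parts of CH1 that RFC 8446 section 4.1.2 forbids the client from changing, renegotiates from CH2 and aborts if the two hellos disagree. Cipher and group names are TLS registry names; the message structure, the cookie format and the `run` driver are this example's own assumptions, and the ClientHello messages at the bottom are constructed inputs.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Server preference lists (constructed for the example; first entry is preferred).
SUPPORTED_CIPHERS = ("TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256")
SUPPORTED_GROUPS = ("x25519", "secp256r1")


class HandshakeError(Exception):
    """Abort the handshake; the message names the alert a real stack would send."""


@dataclass
class ClientHello:  # toy model: only the fields relevant to HelloRetryRequest
    cipher_suites: Tuple[str, ...]
    supported_groups: Tuple[str, ...]
    key_shares: Dict[str, bytes]  # group name -> public key bytes (opaque here)
    cookie: Optional[bytes] = None
    early_data: bool = False


@dataclass
class Negotiated:
    cipher: str
    group: str
    share: Optional[bytes] = None  # None when the client sent no share for `group`


def negotiate(ch: ClientHello) -> Negotiated:
    """Pick cipher and group in server preference order; record the share if offered."""
    cipher = next((c for c in SUPPORTED_CIPHERS if c in ch.cipher_suites), None)
    group = next((g for g in SUPPORTED_GROUPS if g in ch.supported_groups), None)
    if cipher is None or group is None:
        raise HandshakeError("handshake_failure: no common cipher suite or group")
    return Negotiated(cipher, group, ch.key_shares.get(group))


class StatefulServer:
    """Negotiate on CH1, remember the result, read only the key share from CH2."""

    def __init__(self) -> None:
        self.state = "START"
        self.neg: Optional[Negotiated] = None

    def process(self, ch: ClientHello):
        if self.state == "START":
            self.neg = negotiate(ch)
            if self.neg.share is not None:
                self.state = "DONE"
                return ("ServerHello", self.neg)
            self.state = "SENT_HRR"
            return ("HelloRetryRequest", self.neg.group)
        if self.state == "SENT_HRR":
            share = ch.key_shares.get(self.neg.group)  # CH1's cipher/group are kept as-is
            if share is None or ch.early_data:
                raise HandshakeError("illegal_parameter: CH2 lacks requested share or keeps early_data")
            self.neg.share = share
            self.state = "DONE"
            return ("ServerHello", self.neg)
        raise HandshakeError("unexpected_message")


def _invariant_part(ch: ClientHello) -> bytes:
    """Fields the client may not change between CH1 and CH2 (RFC 8446 4.1.2 allows only
    key_share, early_data, cookie and pre_shared_key to differ; PSK is not modelled)."""
    return json.dumps({"cs": ch.cipher_suites, "groups": ch.supported_groups}, sort_keys=True).encode()


class StatelessServer:
    """Keep no per-connection state across HRR: bind CH1's invariant part and the chosen
    group into an HMAC cookie, renegotiate from CH2 and require the same cookie."""

    def __init__(self, cookie_key: bytes) -> None:
        self.cookie_key = cookie_key

    def _cookie(self, ch: ClientHello, group: str) -> bytes:
        msg = _invariant_part(ch) + b"|" + group.encode()
        return hmac.new(self.cookie_key, msg, hashlib.sha256).digest()

    def process(self, ch: ClientHello):
        neg = negotiate(ch)
        if ch.cookie is None:  # first flight
            if neg.share is not None:
                return ("ServerHello", neg)
            return ("HelloRetryRequest", neg.group, self._cookie(ch, neg.group))
        if not hmac.compare_digest(ch.cookie, self._cookie(ch, neg.group)):
            raise HandshakeError("illegal_parameter: second ClientHello does not match the first")
        if neg.share is None or ch.early_data:
            raise HandshakeError("illegal_parameter: CH2 lacks requested share or keeps early_data")
        return ("ServerHello", neg)


def run(server, ch1: ClientHello, ch2_template: ClientHello):
    """Drive one HRR round trip; returns (cipher, group, share) or the abort message."""
    first = server.process(ch1)
    if first[0] != "HelloRetryRequest":
        return (first[1].cipher, first[1].group, first[1].share)
    cookie = first[2] if len(first) > 2 else None  # echo the cookie if the server sent one
    ch2 = ClientHello(ch2_template.cipher_suites, ch2_template.supported_groups,
                      ch2_template.key_shares, cookie, ch2_template.early_data)
    try:
        return (lambda n: (n.cipher, n.group, n.share))(server.process(ch2)[1])
    except HandshakeError as e:
        return str(e)


# Constructed messages: CH1 offers only a P-256 share although the server prefers x25519.
CH1 = ClientHello(("TLS_AES_128_GCM_SHA256",), SUPPORTED_GROUPS, {"secp256r1": b"\x04" + b"\x01" * 64})
CH2_OK = ClientHello(("TLS_AES_128_GCM_SHA256",), SUPPORTED_GROUPS, {"x25519": b"\x02" * 32})
# A client that illegally swaps its cipher suite list between the two hellos.
CH2_CHANGED = ClientHello(("TLS_CHACHA20_POLY1305_SHA256",), SUPPORTED_GROUPS, {"x25519": b"\x02" * 32})

if __name__ == "__main__":
    for srv in (StatefulServer(), StatelessServer(b"cookie-key")):
        print(type(srv).__name__, run(srv, CH1, CH2_OK), run(srv, CH1, CH2_CHANGED))
```

With `CH2_CHANGED` the stateful server completes the handshake using CH1's cipher suite (the "first value" outcome), while the stateless server aborts, which is the behaviour Ilari's later, cookie-checking design produces and the one that rules out the ambiguity Hubert asks about.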