On Tue, Oct 24, 2023 at 10:12:56PM -0400, David Benjamin wrote:
> Additionally I want to emphasize that, because of the negotiation order
> between versions and client certificates, there is no way to do an
> incremental transition here. Saying deployments stick with 1.2 not only
> impacts the relevant hardware but also *any other connections that the
> server makes*. Essentially the server cannot enable TLS 1.3 until *every*
> client has stopped using one of these PSS-incapable signers. This is not a
> good transition plan.

I think we should probably think out the transition plan here a bit more. Sure, if we can have updated clients offer new SignatureSchemes and the server notice that to let them use TLS 1.3. But how does the server get to a place where it can use TLS 1.3 with every client that offers it? It seems like it has to know that all clients with old hardware tokens have updated, which would require knowing about and tracking exactly which clients those are, since other clients would not be sending the new SignatureSchemes in the first place. I see this getting a small win for the legacy clients but no improvement for other clients or the server's default behavior. Am I missing something?

-Ben