On Sun, Jun 19, 2022 at 09:16:48AM +0000, Peter Gutmann wrote:
> Yaron Sheffer <yaronf.i...@gmail.com> writes:
> 
> >Ben Kaduk asked why we only added TLS 1.2 Extended Master Secret
> >support as a SHOULD, and we tend to agree (given widespread support
> >of this feature) that it needs to be a MUST [1]. We would appreciate
> >the group’s input before we make this change.
> 
> This, alongside MUST EtM for the same draft, is like asking "should
> having brakes and safety belts in cars be a MUST, or do you think a
> SHOULD will be OK?", it's such a no-brainer that I'm surprised there's
> a need to ask.
> 
> Of course both EMS and EtM MUST be a MUST.

I think EtM is only MUST if a blockmode (CBC) cipher is supported. And
clients SHOULD NOT send EtM if not sending any blockmode cipher suites
(as it is not possible to successfully negotiate EtM).

There actually are TLS libraries that do not support blockmode at all
(the needed code does not exist), which makes it impossible to negotiate
EtM under any conditions.



-Ilari

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
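
The checks discussed in this thread, as an added example that is not part of the original messages or of the draft: a Python sketch that parses a TLS 1.2 ClientHello body and reports a missing extended_master_secret, CBC suites offered without encrypt_then_mac, and encrypt_then_mac offered with no CBC suite. The function names are hypothetical, `CBC_SUITES` is an illustrative, non-exhaustive subset of the IANA registry, and the sample hellos are constructed.

```python
import struct

ETM, EMS = 22, 23  # encrypt_then_mac (RFC 7366), extended_master_secret (RFC 7627)
# Illustrative, non-exhaustive subset of IANA CBC ("block mode") cipher suite IDs.
CBC_SUITES = {0x002F, 0x0035, 0x003C, 0x003D, 0xC009, 0xC00A, 0xC013, 0xC014, 0xC027}

def parse_client_hello(body):
    """Return (cipher_suites, extension_types) from a ClientHello body
    (the handshake message without its 4-byte handshake header)."""
    pos = 2 + 32                                  # legacy_version + random
    pos += 1 + body[pos]                          # session_id
    (n,) = struct.unpack_from("!H", body, pos); pos += 2
    suites = list(struct.unpack_from("!%dH" % (n // 2), body, pos)); pos += n
    pos += 1 + body[pos]                          # compression_methods
    exts = []
    if pos < len(body):                           # the extensions block is optional
        (total,) = struct.unpack_from("!H", body, pos); pos += 2
        end = pos + total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            exts.append(ext_type)
            pos += 4 + ext_len
    return suites, exts

def check_offer(body):
    """Apply the positions argued in the thread to one client offer."""
    suites, exts = parse_client_hello(body)
    offers_cbc = any(s in CBC_SUITES for s in suites)
    findings = []
    if EMS not in exts:
        findings.append("missing extended_master_secret")
    if offers_cbc and ETM not in exts:
        findings.append("CBC suites offered without encrypt_then_mac")
    if ETM in exts and not offers_cbc:
        findings.append("encrypt_then_mac offered but no CBC suite to apply it to")
    return findings

def build_hello(suites, exts):
    """Constructed sample input: minimal ClientHello body, empty extension data."""
    ext_bytes = b"".join(struct.pack("!HH", e, 0) for e in exts)
    return (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", 2 * len(suites)) + struct.pack("!%dH" % len(suites), *suites)
            + b"\x01\x00" + struct.pack("!H", len(ext_bytes)) + ext_bytes)

if __name__ == "__main__":
    print(check_offer(build_hello([0xC02F, 0xCCA8], [EMS, ETM])))  # AEAD-only, EtM sent
    print(check_offer(build_hello([0xC02F, 0xC013], [EMS])))       # CBC without EtM
```

Truncated or malformed input raises `struct.error` or `IndexError` rather than returning a partial result.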
