On Thu, Aug 15, 2013 at 10:15 AM, Chris Richardson <ch...@randomnonce.org> wrote:
> I believe this plan would have poor side effects. For example, if Apple
> ships clients with a broken ECDSA implementation [0], a server cannot
> detect if a connecting client is an Apple product and avoid the use
> of ECDSA in that subset of connections. Instead, ECDSA suddenly becomes
> unsafe for anyone to use anywhere.

I think your argument is more about the "Future work: A comprehensive profile for browsers' use of TLS" part of the document, since the fingerprinting that OpenSSL is now using to detect Safari 10.8 uses the presence and ordering of TLS extensions like SNI that are not in the scope of the current proposal.

Although I think browsers could now realistically all agree on the sequence of ciphersuites to offer by default in their client hello, we're far from standardizing on the contents of the entire client hello. Let's defer the debate about the pros/cons of completely eliminating fingerprinting in TLS until it is more realistic to do so (if ever).

Cheers,
Brian

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
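
As an added illustration of the distinction drawn in the reply above (not code from this thread, from OpenSSL, or from Mozilla): a minimal parser showing that two client hellos with an identical ciphersuite sequence remain distinguishable by the presence and ordering of their extensions. The function names and both ClientHello bodies are constructed for this example, and the record and handshake headers are omitted.

```python
import struct

def build_client_hello(suites, extensions):
    """Build a constructed ClientHello body (record/handshake headers omitted)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    return (b"\x03\x03" + bytes(32)             # client_version, random
            + b"\x00"                           # empty session_id
            + struct.pack("!H", len(cs)) + cs   # cipher_suites
            + b"\x01\x00"                       # compression_methods: null only
            + struct.pack("!H", len(ext)) + ext)

def parse_client_hello(body):
    """Return (cipher suites, extension types), both in wire order."""
    pos = 2 + 32                                # skip version and random
    pos += 1 + body[pos]                        # skip session_id
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, pos))
    pos += cs_len
    pos += 1 + body[pos]                        # skip compression_methods
    ext_types = []
    if pos < len(body):                         # the extensions block is optional
        (ext_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if pos + ext_len != len(body):
            raise ValueError("bad extensions length")
        while pos + 4 <= len(body):
            ext_type, data_len = struct.unpack_from("!HH", body, pos)
            pos += 4 + data_len                 # only the type matters here
            ext_types.append(ext_type)
        if pos != len(body):
            raise ValueError("truncated extension")
    return suites, ext_types

def distinguishable(a, b):
    """Report which parts of two hellos differ: (ciphersuites, extensions)."""
    sa, ea = parse_client_hello(a)
    sb, eb = parse_client_hello(b)
    return sa != sb, ea != eb

# Constructed sample data: both clients offer the same ciphersuite sequence.
SNI = struct.pack("!HBH", 15, 0, 12) + b"example.test"
GROUPS, FORMATS = b"\x00\x02\x00\x17", b"\x01\x00"
SUITES = [0xC02B, 0xC02F, 0x002F]
CLIENT_A = build_client_hello(SUITES, [(0, SNI), (0xFF01, b"\x00"), (10, GROUPS), (11, FORMATS)])
CLIENT_B = build_client_hello(SUITES, [(10, GROUPS), (11, FORMATS), (0, SNI)])
```

`distinguishable(CLIENT_A, CLIENT_B)` reports no difference in ciphersuites but a difference in extensions, which is the part of the client hello the reply says is outside the current proposal.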