On 3 June 2016 at 01:07, David Benjamin wrote:
> But reality is what it is. The Law of the Internet is the last thing that
> changed is blamed. We have a limited "budget" we can spend breaking things
> (otherwise I'd have removed almost everything by now!) and there is no
>
On Thursday 02 June 2016 15:22:03 David Benjamin wrote:
> On Thu, Jun 2, 2016 at 11:07 AM David Benjamin
> wrote:
> > On Thu, Jun 2, 2016 at 6:43 AM Hubert Kario
wrote:
> >> On Thursday 02 June 2016 11:39:20 Yoav Nir wrote:
> >> > > On 2 Jun 2016, at
> On Jun 2, 2016, at 11:16 AM, David Benjamin wrote:
>
> I've mused on something like that (I was the main driver behind painstakingly
> removing the existing version fallback in Chrome), but I don't think
> non-determinism is a good idea. Site owners need to be able to
On Thursday 02 June 2016 15:07:53 David Benjamin wrote:
> On Thu, Jun 2, 2016 at 6:43 AM Hubert Kario wrote:
> > On Thursday 02 June 2016 11:39:20 Yoav Nir wrote:
> > > > On 2 Jun 2016, at 10:31 AM, Nikos Mavrogiannopoulos
> > > > wrote:>
> > > >
> > > > On
On Thu, Jun 2, 2016 at 11:20 AM Hubert Kario wrote:
> > > Speaking of version number, does the text say that a server _MUST_
> > > accept any version higher than the one that is specified in the RFC,
> > > but reply with 0x03,0x04 in case it doesn't support any future
> > >
On Thu, Jun 2, 2016 at 11:07 AM David Benjamin
wrote:
> On Thu, Jun 2, 2016 at 6:43 AM Hubert Kario wrote:
>
>> On Thursday 02 June 2016 11:39:20 Yoav Nir wrote:
>> > > On 2 Jun 2016, at 10:31 AM, Nikos Mavrogiannopoulos
>> > > wrote:>
On Thursday 02 June 2016 14:49:52 David Benjamin wrote:
> On Thu, Jun 2, 2016 at 6:40 AM Hubert Kario wrote:
> > On Wednesday 01 June 2016 22:29:06 David Benjamin wrote:
> > > In case folks hoped we could bump the ClientHello version without
> > > those dreaded browser
On Thu, Jun 2, 2016 at 6:43 AM Hubert Kario wrote:
> On Thursday 02 June 2016 11:39:20 Yoav Nir wrote:
> > > On 2 Jun 2016, at 10:31 AM, Nikos Mavrogiannopoulos
> > > wrote:>
> > > On Wed, 2016-06-01 at 15:43 -0700, Eric Rescorla wrote:
> > >> 2% is actually
> On Jun 2, 2016, at 10:49 AM, David Benjamin wrote:
>
> I'm not sure I follow. The specification certainly spells out how version
> negotiation is supposed to work. That hasn't stopped servers from getting it
> wrong. Fundamentally this is the sort of thing where bugs
On Thu, Jun 2, 2016 at 6:40 AM Hubert Kario wrote:
> On Wednesday 01 June 2016 22:29:06 David Benjamin wrote:
> > In case folks hoped we could bump the ClientHello version without
> > those dreaded browser fallbacks, I have bad news. :-( 1.3 intolerance
> > very much exists.
On Thursday 02 June 2016 11:39:20 Yoav Nir wrote:
> > On 2 Jun 2016, at 10:31 AM, Nikos Mavrogiannopoulos
> > wrote:>
> > On Wed, 2016-06-01 at 15:43 -0700, Eric Rescorla wrote:
> >> 2% is actually pretty good, but I agree that we're going to need
> >> fallback.
> >
> > Please
On Wed, 2016-06-01 at 15:43 -0700, Eric Rescorla wrote:
> 2% is actually pretty good, but I agree that we're going to need
> fallback.
Please not. Lets let these fallbacks die. Not every client is a
browser. TLS 1.3 must be a protocol which doesn't require hacks to
operate. CBC was removed, lets
12 matches
Mail list logo