Hey folks, I would like to remove the missing_extension MUSTs on the server side. Full justification in the PR. https://github.com/tlswg/tls13-spec/pull/544
On the client, it is perfectly feasible to mandate a particular alert value. The check is very straight-forward. On the server, however, this is a mistake. Servers do not necessarily have full information if not all advertised ciphers are known, and a natural implementation of the negotiation algorithm will not output this case. Even without this clause, the handshake is already required to fail, so there is no risk of invalid clients being deployed. Adding more complexity to an already hairy negotiation algorithm (the pseudocode I mentioned is incomplete) just to diagnose what is an invalid ClientHello anyway is not worth it. It buys too little for the complexity cost. David
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls