On Thursday, July 21, 2016 06:42:52 am Hubert Kario wrote:
> On Wednesday, 20 July 2016 19:30:27 CEST Martin Rex wrote:
> > Any ClientHello with > 200 Cipher suite code points indicates fairly insane
> > Client behaviour, so rejecting it is _perfectly_sane_ server behaviour.
>
> and which part of the standard says that it is "_perfectly_sane_" server
> behaviour?

On this specific type of issue, I agree with Martin here that sanity checks for over-the-top configurations are reasonable, however we should be standardizing this, not having every implementation do this ad hoc. We really should go through a list of these sorts of implementation break points and start picking arbitrary lines to add to the spec. They don't have to be ideal numbers; just something better than an upper limit of 2^15-2 suites (2 bytes each; 2^16-2 max sized vector) would be nice, for this example.

Yes, certain fields have to stay open-ended, namely extensions, but reasonable limits should be added where appropriate.

Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
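
The kind of sanity check discussed in this thread, as an added example that is not part of the original message or of any TLS implementation: a Python sketch that reads the cipher_suites vector from a ClientHello body and compares the count against a configurable limit. The function names, the default of 200 (the figure quoted above) and the sample hello are assumptions constructed for illustration.

```python
import struct

MAX_SUITES = 200  # figure quoted in the thread; a policy choice, not a spec value


class ClientHelloError(ValueError):
    """Raised when the ClientHello body is malformed or truncated."""


def cipher_suites(body):
    """Return the cipher suite code points from a ClientHello body
    (the bytes that follow the 4-byte handshake header)."""
    off = 2 + 32  # client_version (2 bytes) + random (32 bytes)
    if len(body) < off + 1:
        raise ClientHelloError("truncated before session_id")
    sid_len = body[off]
    if sid_len > 32:
        raise ClientHelloError("session_id longer than 32 bytes")
    off += 1 + sid_len
    if len(body) < off + 2:
        raise ClientHelloError("truncated before cipher_suites")
    (vec_len,) = struct.unpack_from("!H", body, off)
    off += 2
    # The vector holds 2-byte entries and must not be empty.
    if vec_len < 2 or vec_len % 2:
        raise ClientHelloError("bad cipher_suites length")
    if len(body) < off + vec_len:
        raise ClientHelloError("cipher_suites overruns message")
    return list(struct.unpack_from("!%dH" % (vec_len // 2), body, off))


def check_suite_count(body, limit=MAX_SUITES):
    """True if the hello is within the limit, False if policy would reject it."""
    return len(cipher_suites(body)) <= limit


def build_hello(n_suites):
    """Constructed sample: minimal ClientHello body offering n_suites code points."""
    suites = struct.pack("!%dH" % n_suites, *range(1, n_suites + 1))
    return (b"\x03\x03" + bytes(32) + b"\x00"          # version, random, empty session_id
            + struct.pack("!H", len(suites)) + suites  # cipher_suites vector
            + b"\x01\x00")                             # null compression only
```

Malformed vectors raise ClientHelloError separately from the policy decision, so a server can log an over-limit hello differently from a broken one.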