I don't really agree that we shouldn't specify client order. We do that everywhere else in TLS.
Rather, I think we should relax the requirement to pick the highest one, which is just a holdover from a less expressive negotiation mechanism.

-Ekr

On Wed, Sep 28, 2016 at 9:18 AM, Stephen Checkoway <[email protected]> wrote:
>
>
> On Sep 28, 2016, at 11:08 AM, Salz, Rich <[email protected]> wrote:
>
>
> > >> C.2 Negotiating with an older client says, "If the
> > >> "supported_versions" extension is present, the server MUST negotiate
> > >> the highest server-supported version found in that extension."
> >
> > I agree that an appendix is the wrong place to put this. And that
> > specifying the client order is pointless.
> >
> > But I disagree with this being a MUST. There may be times when the
> > server knows more than the client and will know that a lower version is
> > more appropriate. E.g., interfering middleboxes or regulatory regimes.
>
> Seems reasonable. How about making selection from the list (if the
> extension is present) a MUST and selecting the highest server-supported
> version is RECOMMENDED? Perhaps the second part is unnecessary.
>
> --
> Stephen Checkoway
>
>
>
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
>
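Added example, not part of the thread or of any TLS implementation: a Python sketch of the server-side selection rule under discussion (the server MUST pick from the client's supported_versions list, picking the highest server-supported entry is RECOMMENDED, and a server policy may choose a lower version as long as it is still in the list). It also covers the no-extension path to TLS 1.2, which goes slightly beyond the quoted text; the function names and the `policy` hook are this example's own assumptions.

```python
import struct

TLS12 = 0x0303
TLS13 = 0x0304  # final TLS 1.3 codepoint (drafts used 0x7fXX values)


def parse_supported_versions(ext_body: bytes) -> list:
    """Parse the ClientHello supported_versions extension body:
    a 1-byte length followed by 2-byte ProtocolVersion values.
    Client order is preserved here but is not used for selection."""
    if len(ext_body) < 1:
        raise ValueError("empty supported_versions body")
    n = ext_body[0]
    if n == 0 or n % 2 != 0 or 1 + n != len(ext_body):
        raise ValueError("malformed supported_versions length")
    return [struct.unpack(">H", ext_body[1 + i:3 + i])[0] for i in range(0, n, 2)]


def select_version(client_versions, server_versions, policy=None) -> int:
    """Return the version the server negotiates when the extension is present.
    The result is always drawn from client_versions (MUST) and defaults to the
    highest one the server supports (RECOMMENDED). `policy` (hypothetical hook)
    may return a lower version, e.g. because the deployment knows a middlebox
    breaks the newest one; it is honoured only if that version is in the
    client's list and server-supported, so policy can never widen the choice."""
    common = sorted(set(client_versions) & set(server_versions), reverse=True)
    if not common:
        raise ValueError("no common version: abort with a protocol_version alert")
    chosen = common[0]
    if policy is not None:
        override = policy(list(common))
        if override in common:
            chosen = override
    return chosen


def select_version_legacy(legacy_version: int, server_versions) -> int:
    """No supported_versions extension: negotiate from ClientHello.legacy_version,
    capped at TLS 1.2, since TLS 1.3 cannot be selected without the extension."""
    ceiling = min(legacy_version, TLS12)
    candidates = [v for v in server_versions if v <= ceiling]
    if not candidates:
        raise ValueError("no acceptable legacy version: abort")
    return max(candidates)


if __name__ == "__main__":
    # Constructed extension body: length 4, versions [TLS 1.3, TLS 1.2]
    offered = parse_supported_versions(bytes([4, 0x03, 0x04, 0x03, 0x03]))
    print(hex(select_version(offered, {TLS12, TLS13})))            # highest: 0x304
    print(hex(select_version(offered, {TLS12, TLS13}, lambda c: TLS12)))  # policy: 0x303
```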
