> I don't really agree that we shouldn't specify client order. We do that everywhere else in TLS.

+1. While I agree that the server should be using the server's preferences in most cases, I see no reason for the client to not list protocol versions (and cipher suites, for that matter) in the client's order of preference. The client needs to send all supported options; no need to randomize the order.

> Rather, I think we should relax the requirement to pick the highest one, which is just a holdover from a less expressive negotiation mechanism.

In addition, it's not always clear what the "highest" TLS version is, e.g. in the presence of national TLS "standards". E.g. a particular server may prefer TLS 0x0100 over TLS 0x0304.

Cheers,

Andrei

From: TLS [mailto:[email protected]] On Behalf Of Eric Rescorla
Sent: Wednesday, September 28, 2016 10:15 AM
To: Stephen Checkoway <[email protected]>
Cc: [email protected]
Subject: Re: [TLS] draft-ietf-tls-tls13-16

I don't really agree that we shouldn't specify client order. We do that everywhere else in TLS.

Rather, I think we should relax the requirement to pick the highest one, which is just a holdover from a less expressive negotiation mechanism.

-Ekr

On Wed, Sep 28, 2016 at 9:18 AM, Stephen Checkoway <[email protected]> wrote:

> On Sep 28, 2016, at 11:08 AM, Salz, Rich <[email protected]> wrote:
>
>> C.2 Negotiating with an older client says, "If the
>> "supported_versions" extension is present, the server MUST negotiate
>> the highest server-supported version found in that extension."
>
> I agree that an appendix is the wrong place to put this. And that specifying
> the client order is pointless.
>
> But I disagree with this being a MUST. There may be times when the server
> knows more than the client and will know that a lower version is more
> appropriate. E.g., interfering middleboxes or regulatory regimes.

Seems reasonable. How about making selection from the list (if the extension is present) a MUST and selecting the highest server-supported version is RECOMMENDED?

Perhaps the second part is unnecessary.

--
Stephen Checkoway

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
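The three selection rules the thread argues over (the draft-16 "pick the highest" MUST, selection by server preference, and selection by client order), as an added example that is not part of the thread, the TLS 1.3 draft, or any TLS implementation. It parses the ClientHello form of the supported_versions extension (one-byte vector length, then two-byte version codes, as the draft defines it) and shows why a purely numeric "highest" cannot express the policy in Andrei's example: the 0x0100 "national" version code is taken from the thread as an illustration and is not a registered TLS version; the client and server lists are constructed for the demo.

```python
"""Server-side version selection from the ClientHello supported_versions
extension.  Added example for the thread above; not code from the thread,
the TLS 1.3 draft, or any TLS stack.

ClientHello form (draft-ietf-tls-tls13 / RFC 8446):
    struct { ProtocolVersion versions<2..254>; } SupportedVersions;
i.e. a one-byte vector length followed by two-byte version codes.
"""
import struct

TLS12 = 0x0303
TLS13 = 0x0304
# Illustrative "national standard" version code taken from the thread's
# example (TLS 0x0100).  Hypothetical; not a registered TLS version.
NATIONAL = 0x0100


def encode_supported_versions(versions):
    """Build the extension body a client sends, in the client's own order."""
    if not 1 <= len(versions) <= 127:
        raise ValueError("supported_versions: 1..127 entries")
    return bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)


def parse_supported_versions(body):
    """Parse the extension body, preserving the client's order.

    Raises ValueError on a malformed body (bad length prefix, odd byte count,
    empty list) so the server can abort with a decode_error alert rather than
    guess at the client's intent.
    """
    if len(body) < 1:
        raise ValueError("supported_versions: missing length byte")
    n = body[0]
    if n < 2 or n % 2 != 0 or len(body) != 1 + n:
        raise ValueError("supported_versions: bad vector length")
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(1, 1 + n, 2)]


def select_highest(client_versions, server_versions):
    """The draft-16 C.2 MUST: numerically highest mutually supported version.

    'Highest' is purely numeric, so a server that considers 0x0100 preferable
    to 0x0304 has no way to say so under this rule.
    """
    common = set(client_versions) & set(server_versions)
    return max(common) if common else None


def select_by_server_preference(client_versions, server_preference):
    """The relaxed rule argued for in the thread: first entry of the server's
    preference list that the client offered.  Server policy (middlebox
    workarounds, regulatory ordering) lives entirely in server_preference."""
    offered = set(client_versions)
    for v in server_preference:
        if v in offered:
            return v
    return None


def select_by_client_preference(client_versions, server_versions):
    """For comparison: honour the client's order instead of the server's."""
    supported = set(server_versions)
    for v in client_versions:
        if v in supported:
            return v
    return None


if __name__ == "__main__":
    # Constructed ClientHello: client prefers 1.3, then 1.2, then the
    # hypothetical national version.
    body = encode_supported_versions([TLS13, TLS12, NATIONAL])
    offered = parse_supported_versions(body)
    # Server policy from the thread's example: national version first.
    server_pref = [NATIONAL, TLS13, TLS12]
    print("highest:           %#06x" % select_highest(offered, server_pref))
    print("server preference: %#06x" % select_by_server_preference(offered, server_pref))
    print("client preference: %#06x" % select_by_client_preference(offered, server_pref))
```

With the constructed lists, `select_highest` returns 0x0304 regardless of what the server prefers, while `select_by_server_preference` returns 0x0100; only the second form lets the server express the "lower version is more appropriate" cases Rich raises. Note that a server using the preference rule still only ever picks something the client offered, which is the part Stephen proposes keeping as a MUST.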
