On Mon, Dec 4, 2017 at 1:59 AM, Alex C <immi...@gmail.com> wrote:

> The obvious problem with randomly adding fake versions is you have to have
> a way of ensuring they won't conflict with *real* future versions - and
> whatever pattern you decide upon in order to do that, middleboxes will use
> that pattern to filter out fake versions, and fail as soon as you present
> one with a real future version (i.e. TLS 1.4).
>
> Can I also suggest adding a section about expected middlebox behaviour to
> TLS 1.3? That way there is a reasonable chance that TLS 1.4 won't face the
> same issues.
> (Or can I do that myself? I'm not really familiar with the process, sorry)
>

Yes, you can send a PR at: https://github.com/tlswg/tls13-spec/

-Ekr

> On Sat, Nov 25, 2017 at 8:21 AM, Yuhong Bao <yuhongbao_...@hotmail.com>
> wrote:
>
>> That only applies to the ClientHello.
>>
>> ________________________________________
>> From: Andrei Popov <andrei.po...@microsoft.com>
>> Sent: Wednesday, November 22, 2017 11:22:23 AM
>> To: Yuhong Bao; Peter Saint-Andre; Eric Rescorla
>> Cc: tls@ietf.org; Tapio Sokura
>> Subject: RE: [TLS] PR#1091: Changes to provide middlebox robustness
>>
>> The idea was for the client to randomly add non-existent TLS versions to
>> supported_versions.
>> Presumably, this will exercise the extensibility joint and prevent it
>> from becoming unusable.
>>
>> I'm not convinced this new approach will help, but we know the old one
>> required fallbacks every time a new protocol version was introduced.
>>
>> Cheers,
>>
>> Andrei
>>
>> -----Original Message-----
>> From: TLS [mailto:tls-boun...@ietf.org] On Behalf Of Yuhong Bao
>> Sent: Wednesday, November 22, 2017 11:04 AM
>> To: Peter Saint-Andre <stpe...@stpeter.im>; Eric Rescorla <e...@rtfm.com>
>> Cc: tls@ietf.org; Tapio Sokura <tapio.sok...@iki.fi>
>> Subject: Re: [TLS] PR#1091: Changes to provide middlebox robustness
>>
>> They are basically doing a supported_versions extension with only one
>> entry in the ServerHello.
>> The problem with future middleboxes should be obvious.
>>
>> ________________________________________
>> From: Peter Saint-Andre <stpe...@stpeter.im>
>> Sent: Wednesday, November 22, 2017 11:02:39 AM
>> To: Yuhong Bao; Eric Rescorla
>> Cc: tls@ietf.org; Tapio Sokura
>> Subject: Re: [TLS] PR#1091: Changes to provide middlebox robustness
>>
>> On 11/22/17 11:16 AM, Yuhong Bao wrote:
>> > The problem is not TLS 1.3, the problem is future versions of TLS.
>>
>> Would you mind explaining that in more detail?
>>
>> Peter
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
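
The concern in the quoted message about pattern-based fake versions, as an added sketch (not code from the thread or from any TLS implementation): a middlebox that recognises the pattern used for fake versions tolerates them, yet still rejects a real future version. The RFC 8701-style reserved pattern, the 0x0305 code point for a future version, and all function names are assumptions.

```python
import secrets
import struct

# Assumed values: wire codes for known versions and a made-up future code point.
TLS12, TLS13 = 0x0303, 0x0304
HYPOTHETICAL_TLS14 = 0x0305
KNOWN = {0x0301, 0x0302, TLS12, TLS13}

def is_reserved_fake(v):
    """Assumed reserved pattern (RFC 8701 style): both bytes equal, low nibble 0xA."""
    return (v >> 8) == (v & 0xFF) and (v & 0x0F) == 0x0A

def random_fake_version():
    """Pick one of the 16 reserved values at random, as a client would."""
    b = 0x0A + 0x10 * secrets.randbelow(16)
    return (b << 8) | b

def encode_supported_versions(versions):
    """ClientHello supported_versions body: 1-byte length, then 2-byte versions."""
    body = b"".join(struct.pack("!H", v) for v in versions)
    return bytes([len(body)]) + body

def parse_supported_versions(data):
    """Decode the list, rejecting truncated or odd-length bodies."""
    if not data or data[0] != len(data) - 1 or data[0] % 2 or data[0] < 2:
        raise ValueError("malformed supported_versions")
    return [struct.unpack_from("!H", data, i)[0] for i in range(1, len(data), 2)]

def tolerant_endpoint(data):
    """Intended behaviour: ignore unknown versions, pick the highest known one."""
    known = [v for v in parse_supported_versions(data) if v in KNOWN]
    return max(known) if known else None

def strict_middlebox(data):
    """Ossified box: passes the hello only if every offered version is known."""
    return all(v in KNOWN for v in parse_supported_versions(data))

def pattern_filtering_middlebox(data):
    """Box that skips values matching the fake pattern, then is strict about the rest."""
    real = [v for v in parse_supported_versions(data) if not is_reserved_fake(v)]
    return all(v in KNOWN for v in real)

def survey(versions):
    ext = encode_supported_versions(versions)
    return (tolerant_endpoint(ext), strict_middlebox(ext), pattern_filtering_middlebox(ext))

# Constructed offers: one carrying a fake version, one carrying a real future version.
OFFER_WITH_FAKE = [0x3A3A, TLS13, TLS12]
OFFER_WITH_FUTURE = [HYPOTHETICAL_TLS14, TLS13, TLS12]
```

`survey` returns the version a tolerant endpoint selects, then whether each middlebox model lets the hello through; the pattern-filtering box passes the fake offer and blocks the future one.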