> On Mar 13, 2018, at 6:21 PM, Andrei Popov <andrei.po...@microsoft.com> wrote:
> If the client were to exclusively offer DHE-based ciphersuites, then the
> visibility techniques that have been used in the past are thwarted.
> TLS1.3-visibility will be equally thwarted if the client does not send the
> empty “tls_visibility” extension, right?
> (Assuming the server chooses to play by the rules, of course.)
1) Yes, the server cannot use the "tls_visibility" extension unless the client
offers it. This is to enable client opt-in.
2) If the server sends the "tls_visibility" extension without the client first
offering it, by the normal TLS extension processing rules, the client MUST
close the connection.
TLS mailing list
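
Added example, not part of the original message or of the draft under discussion: a Python sketch of the client-side rule from points 1 and 2, which parses the extension vectors and aborts when the server returns an extension the client never offered. The `tls_visibility` codepoint, the function names and the sample messages are assumptions constructed for illustration; the `unsupported_extension` alert (110) is the one RFC 8446 prescribes for this case.

```python
import struct

TLS_VISIBILITY = 0xFFCE      # placeholder: the page gives no codepoint
SUPPORTED_VERSIONS = 43      # real TLS 1.3 extension type
UNSUPPORTED_EXTENSION = 110  # TLS alert description (RFC 8446)

class HandshakeAbort(Exception):
    def __init__(self, alert, reason):
        super().__init__(reason)
        self.alert = alert

def encode_extensions(exts):
    """Serialize [(type, body), ...] as a length-prefixed extensions vector."""
    body = b"".join(struct.pack("!HH", t, len(b)) + b for t, b in exts)
    return struct.pack("!H", len(body)) + body

def parse_extensions(buf):
    """Parse an extensions vector into [(type, body), ...], rejecting bad lengths."""
    if len(buf) < 2 or struct.unpack_from("!H", buf)[0] != len(buf) - 2:
        raise ValueError("bad extensions vector length")
    out, pos = [], 2
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + ext_len > len(buf):
            raise ValueError("truncated extension body")
        out.append((ext_type, buf[pos:pos + ext_len]))
        pos += ext_len
    return out

def client_check(offered_vec, server_vec):
    """Abort if a ServerHello/EncryptedExtensions-style reply carries an
    extension absent from the ClientHello (HelloRetryRequest not modelled)."""
    offered = {t for t, _ in parse_extensions(offered_vec)}
    for ext_type, _ in parse_extensions(server_vec):
        if ext_type not in offered:
            raise HandshakeAbort(UNSUPPORTED_EXTENSION,
                                 f"unsolicited extension {ext_type:#06x}")
    return True

# Constructed sample messages (not captured traffic).
CH_OPT_OUT = encode_extensions([(SUPPORTED_VERSIONS, b"\x02\x03\x04")])
CH_OPT_IN = encode_extensions([(SUPPORTED_VERSIONS, b"\x02\x03\x04"), (TLS_VISIBILITY, b"")])
SRV_PLAIN = encode_extensions([(SUPPORTED_VERSIONS, b"\x03\x04")])
SRV_VISIBLE = encode_extensions([(SUPPORTED_VERSIONS, b"\x03\x04"), (TLS_VISIBILITY, b"")])
```

A client that sent `CH_OPT_OUT` accepts `SRV_PLAIN` and aborts on `SRV_VISIBLE`; only a client that sent `CH_OPT_IN` accepts `SRV_VISIBLE`.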