> On Mar 13, 2018, at 6:21 PM, Andrei Popov <andrei.po...@microsoft.com> wrote:
> If the client were to exclusively offer DHE-based ciphersuites, then the 
> visibility techniques that have been used in the past are thwarted.
> TLS1.3-visibility will be equally thwarted if the client does not send the 
> empty “tls_visibility” extension, right?
> (Assuming the server chooses to play by the rules, of course.)

Two points:

1) Yes, the server cannot use the "tls_visibility" extension unless the client 
offers it.  This is to enable client opt-in.

2) If the server sends the "tls_visibility" extension without the client first 
offering it, by the normal TLS extension processing rules, the client MUST 
close the connection.


TLS mailing list

Reply via email to