On Friday 25 September 2015 19:19:12 Kurt Roeckx via RT wrote:
> On Fri, Sep 25, 2015 at 04:23:27PM +0000, Hubert Kario via RT wrote:
> > Given that TLSv1.3 has a 1RTT mode planned (so Client Key Exchange
> > ends up as an extension, possibly multiple ones), and that quantum
> > computing resistant algorithms usually require fairly large key
> > sizes (large enough that protocol limitations themselves are
> > problematic), we may see Client Hellos larger than 16k in the not so
> > far future.
>
> Since we don't actually know how things are going to change in the
> future and that they can change the maximum size of a Client
> Hello, it makes sense to me to not enforce a limit for the Client
> Hello message just because that's what the current version only
> supports. For all other messages we should be able to tell what
> the maximum size is.
It was already raised on the IETF mailing list and nobody disagreed that any future Client Hello messages need to be compatible with previous protocol versions. And that was in the context of TLS 1.3 and quantum resistant crypto.

Finally, there are implementations that do follow the specification to the letter, e.g. Mozilla NSS.

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
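The thread turns on a point that is easy to get wrong in a parser: the 2^14-byte limit is a per-record fragment limit, while a handshake message carries its own 24-bit length and may be spread across several records, so a Client Hello larger than 16k is legal on the wire. The example below is added here to illustrate that; it is not code from the thread, from OpenSSL or from NSS. It builds a constructed Client Hello with an oversized padding extension, fragments it into records, reassembles it, and applies a per-message-type policy of the kind Kurt describes: no cap for Client Hello, caps for types whose maximum is known. The policy table, the extension contents and the function names are assumptions for illustration.

```python
import struct

RECORD_HANDSHAKE = 22
MAX_RECORD_FRAGMENT = 16384   # 2^14 plaintext fragment limit (RFC 5246, 6.2.1)
HT_CLIENT_HELLO = 1
HT_SERVER_HELLO = 2
HT_FINISHED = 20

# Assumed policy for this example (not OpenSSL's or NSS's): None means no
# type-specific cap beyond the 24-bit handshake length field itself.
MAX_HANDSHAKE_BODY = {
    HT_CLIENT_HELLO: None,
    HT_SERVER_HELLO: 16384,   # illustrative cap
    HT_FINISHED: 64,          # illustrative cap (verify_data is small)
}


def build_client_hello(padding_len: int) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello body carrying one padding extension."""
    body = b"\x03\x03" + bytes(32)            # client_version + random (zeroed, constructed)
    body += b"\x00"                             # session_id: empty
    body += b"\x00\x02" + b"\xc0\x2f"           # cipher_suites: one suite
    body += b"\x01\x00"                         # compression_methods: null only
    ext = struct.pack("!HH", 0x0015, padding_len) + bytes(padding_len)  # padding ext (type 21)
    body += struct.pack("!H", len(ext)) + ext   # extensions length + extension
    return body


def build_handshake(msg_type: int, body: bytes) -> bytes:
    """Handshake header: 1-byte type + 3-byte length, then the body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def fragment_into_records(handshake: bytes, version: bytes = b"\x03\x03") -> bytes:
    """Split a handshake message across records of at most 2^14 bytes each."""
    out = []
    for i in range(0, len(handshake), MAX_RECORD_FRAGMENT):
        frag = handshake[i:i + MAX_RECORD_FRAGMENT]
        out.append(bytes([RECORD_HANDSHAKE]) + version + struct.pack("!H", len(frag)) + frag)
    return b"".join(out)


def parse_records(stream: bytes):
    """Return a list of (content_type, fragment), enforcing the per-record limit."""
    records, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        ctype = stream[off]
        frag_len = struct.unpack("!H", stream[off + 3:off + 5])[0]
        if frag_len > MAX_RECORD_FRAGMENT:
            raise ValueError("record fragment exceeds 2^14 bytes")
        frag = stream[off + 5:off + 5 + frag_len]
        if len(frag) != frag_len:
            raise ValueError("truncated record body")
        records.append((ctype, frag))
        off += 5 + frag_len
    return records


def reassemble_handshakes(stream: bytes, policy=MAX_HANDSHAKE_BODY):
    """Concatenate handshake fragments and split them into (type, body) messages.

    The policy cap is checked against the header's length field before the
    body is consumed, so an over-long message of a capped type is rejected
    without buffering it."""
    buf = b"".join(f for t, f in parse_records(stream) if t == RECORD_HANDSHAKE)
    msgs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated handshake header")
        msg_type = buf[off]
        body_len = int.from_bytes(buf[off + 1:off + 4], "big")
        cap = policy.get(msg_type)
        if cap is not None and body_len > cap:
            raise ValueError(f"handshake type {msg_type}: {body_len} bytes exceeds cap {cap}")
        body = buf[off + 4:off + 4 + body_len]
        if len(body) != body_len:
            raise ValueError("truncated handshake body")
        msgs.append((msg_type, body))
        off += 4 + body_len
    return msgs


def violates_policy(stream: bytes, policy=MAX_HANDSHAKE_BODY) -> bool:
    """True if the stream is rejected by reassemble_handshakes under the policy."""
    try:
        reassemble_handshakes(stream, policy)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    hello = build_client_hello(20000)                      # body well over 16k
    wire = fragment_into_records(build_handshake(HT_CLIENT_HELLO, hello))
    print("records on the wire:", len(parse_records(wire)))
    print("reassembled OK:", reassemble_handshakes(wire)[0][1] == hello)
    oversized_finished = fragment_into_records(build_handshake(HT_FINISHED, bytes(100)))
    print("oversized Finished rejected:", violates_policy(oversized_finished))
```

Running it shows the 20047-byte Client Hello crossing two records and reassembling cleanly, while a Finished message over its cap is refused from its header alone. A parser that instead applied the 16k record limit to the reassembled Client Hello would reject the first case even though it is valid under the record layer.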
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev