On Sat, Dec 18, 2010 at 9:01 AM, Watson Ladd <[email protected]> wrote:
[...]
> When a client receives indication that its EXT_CREAT was not
> recognized it falls back on CREATE. ORs send back a packet that
> indicates if they do not recognize the SUITE and the client falls back
> to an earlier revision.

Actually, the fallback mechanism probably isn't even needed: remember, the client has a descriptor for the servers that it wants to extend from and to, so it knows which keys and ciphersuites the target server supports, and which extend protocols the origin server supports.

You're right that it's important to limit partitioning opportunities in any protocol revision; I tried to go over that in section 2, but we shouldn't assume that I've said the last word on this. We should continue to look for ways to revise and improve whatever we come up with to get the partitioning and other undesirable things down to a minimum.

-- Nick
