On Thu, Sep 17, 2015 at 02:46:39PM -0700, Brian Smith wrote:
> On Thu, Sep 17, 2015 at 1:50 PM, Nico Williams <n...@cryptonector.com>
> wrote:
> > Do we think that silent connection closings wouldn't also lead to
> > version fallback?
>
> Let's ask the browser vendors:
>
> Browser vendors, if web servers were to stop sending alerts during
> handshake failures, would you start doing version fallback when a
> connection is closed?

That's not how we get answers to questions like that. These behaviors
(on the part of developers) arise long after we think to ask the
question.

The point is: if they did it then, why would we think they wouldn't do
it now without fatal alerts?

Spoiler alert!1!!: developers want the user experience to be smooth,
security be damned, so yes, they will in fact implement version
fallbacks on connection close.

But now consider a fatal alert that conveys a "it's not gonna work with
earlier versions either, you dummy" message. That's got a slightly
better chance of working.

Nico
--

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls