On Wed, Oct 7, 2015 at 9:51 PM, Martin Rex <m...@sap.com> wrote:

> Eric Rescorla wrote:
> >
> > That is what the document says:
> > "Versions of TLS before 1.3 supported compression and the list of
> > compression methods was supplied in this field. For any TLS 1.3
> > ClientHello, this field MUST contain only the "null" compression method
> > with the code point of 0. If a TLS 1.3 ClientHello is received with any
> > other value in this field, the server MUST generate a fatal
> > "illegal_parameter" alert. Note that TLS 1.3 servers may receive TLS 1.2 or
> > prior ClientHellos which contain other compression methods and MUST follow
> > the procedures for the appropriate prior version of TLS."
>
> The quoted wording calls for a fatal handshake failure when ClientHello offers
>
>    TLSv1.2+compression _or_ TLSv1.3
>
> while at the same time the last requirement asserts that a ClientHello with
>
>    TLSv1.2+compression
>
> is perfectly OK. To me, this looks quite odd.
That's not how I read this text. Rather, I read it as:

  If ClientHelloVersion >= TLS 1.3 then
    the compression field must be empty
  else:
    the compression field is dictated by other versions

This doesn't seem inconsistent to me. If you still think that the paragraph reads differently, can you help me by diagramming it?

> If you want compression removed from TLSv1.3, how about something like
> this:
>
>   "Versions of TLS before 1.3 supported compression and the list of
>   compression methods was supplied in this field.  All TLS protocol
>   versions require the "null" compression method MUST be included/present
>   in the compression_methods list of ClientHello. A TLSv1.3 server that
>   is offered and selects/negotiates protocol version TLSv1.3, MUST select
>   the "null" compression method, and MUST ignore all other compression
>   methods that might appear in the compression_methods list of ClientHello.
>
> Btw. for the last requirement, I would appreciate an additional recommendation
> for a configuration option to disable compression, maybe something like
>
>   This document does not impose restrictions on the use of compression
>   with TLS protocol versions prior to TLSv1.3. However, it is RECOMMENDED
>   that implementations which support compression provide a configuration
>   option allowing consumers to disable the use of compression in TLS.
>
> -Martin
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
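An added example, not part of the thread or of any TLS implementation: a server-side check that parses the compression_methods vector of a ClientHello and applies the quoted draft rule as Eric reads it (a 1.3 ClientHello carries only the null method, anything else is a fatal illegal_parameter; a prior-version ClientHello only needs null to be present). It assumes, as the 2015 drafts did, that the offered version is read from client_version; the sample cipher suite and the "reject:null_missing" label are constructed for the example.

```python
import struct

# Assumption: as in the 2015 TLS 1.3 drafts under discussion, the offered
# version is read from the ClientHello client_version field (0x0304 = 1.3).
TLS13_VERSION = 0x0304
NULL_COMPRESSION = 0x00

def parse_client_hello_body(body: bytes) -> dict:
    """Parse a ClientHello body (4-byte handshake header already stripped)
    and return client_version plus the compression_methods list."""
    client_version = struct.unpack_from("!H", body, 0)[0]
    off = 2 + 32                                    # client_version, random
    off += 1 + body[off]                            # session_id<0..32>
    off += 2 + struct.unpack_from("!H", body, off)[0]   # cipher_suites<2..2^16-2>
    cm_len = body[off]
    methods = list(body[off + 1:off + 1 + cm_len])  # compression_methods<1..2^8-1>
    if cm_len == 0 or len(methods) != cm_len:
        raise ValueError("malformed compression_methods vector")
    return {"client_version": client_version, "compression_methods": methods}

def check_compression_methods(client_version: int, methods: list) -> str:
    """The quoted draft rule, read as Eric reads it: a 1.3 ClientHello carries
    only the null method and anything else is a fatal illegal_parameter; a
    prior-version ClientHello follows that version's rules, where null MUST be
    present and the server selects it and ignores the rest."""
    if client_version >= TLS13_VERSION:
        return "accept" if methods == [NULL_COMPRESSION] else "fatal:illegal_parameter"
    if NULL_COMPRESSION in methods:
        return "accept"                             # server will select null
    return "reject:null_missing"                    # label chosen here, not an alert name

def evaluate(body: bytes) -> str:
    hello = parse_client_hello_body(body)
    return check_compression_methods(hello["client_version"], hello["compression_methods"])

def build_client_hello_body(client_version: int, methods: bytes) -> bytes:
    """Constructed minimal ClientHello body for testing: all-zero random, empty
    session_id, one cipher suite (0xC02F, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)."""
    return (struct.pack("!H", client_version) + bytes(32) + b"\x00"
            + struct.pack("!H", 2) + b"\xc0\x2f"
            + bytes([len(methods)]) + methods)
```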