On Fri, Oct 16, 2015 at 10:04 AM, Martin Thomson <martin.thom...@gmail.com> wrote:

> On 16 October 2015 at 12:22, Brian Smith <br...@briansmith.org> wrote:
> > Why only protect TLS 1.3 from such a downgrade? I think it is worthwhile to
> > protect TLS 1.2 from the downgrade too, in a similar way. Or, is there
> > something specific about TLS 1.3 that makes the downgrade worse?
>
> Given that we can't expect TLS 1.2 servers to implement the hack, I'm
> not sure that this is of great utility, but if we can bake a version
> number in there, I'm not opposed to the notion.
>

I think TLS 1.2 servers would implement the mechanism, if it were
documented in an update to the downgrade-scsv document. I mean, this
mechanism is basically a replacement for the downgrade-scsv mechanism,
because the downgrade-scsv mechanism doesn't (at least, can't be proven to)
work, right? That would be especially true for an implementation that does
False Start for TLS 1.2.

Cheers,
Brian
-- 
https://briansmith.org/