On Thursday 02 June 2016 15:22:03 David Benjamin wrote: > On Thu, Jun 2, 2016 at 11:07 AM David Benjamin <david...@chromium.org> > wrote: > > On Thu, Jun 2, 2016 at 6:43 AM Hubert Kario <hka...@redhat.com> wrote: > >> On Thursday 02 June 2016 11:39:20 Yoav Nir wrote: > >> > > On 2 Jun 2016, at 10:31 AM, Nikos Mavrogiannopoulos > >> > > <n...@redhat.com> wrote:> > >> > > > >> > > On Wed, 2016-06-01 at 15:43 -0700, Eric Rescorla wrote: > >> > >> 2% is actually pretty good, but I agree that we're going to > >> > >> need > >> > >> fallback. > >> > > > >> > > Please not. Lets let these fallbacks die. Not every client is a > >> > > browser. TLS 1.3 must be a protocol which doesn't require hacks > >> > > to > >> > > operate. CBC was removed, lets do the same for insecure > >> > > fallbacks. > >> > > >> > Not every client is a browser, but some are. So what does the > >> > browser > >> > do when a server resets the connection after seeing the > >> > ClientHello? > >> > > >> > Blank screen with a failure message? > >> > >> fallback to check if the connection failure is caused by TLSv1.3, > >> and if it is, display error message and put the blame squarely on > >> the server > (We already do that, by the way. That's exactly what > ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION in Chrome is.)
the rest of the information on such error page definitely doesn't give that impression Correct me if I'm wrong, but isn't the full text on it: """ The web page at https://example.com might be temporarily down or it may have moved permanently to a new web address. Error code: ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION """ -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls