On Mon, Jun 20, 2016 at 6:15 PM, Martin Thomson <martin.thom...@gmail.com> wrote:
> David Benjamin wrote our section on 0-RTT backward compatibility to be > a little bit lenient about server deployment. On consideration, I > think that a simpler set of rules are better: > > 1. If the server advertises support for 0-RTT, then it implies a > commitment to support TLS 1.3 for the duration of that advertisement. > 2. Therefore, if the client attempts 0-RTT, then it should reject a > ServerHello with TLS 1.2 or older. > How does this affect the situation where a server might attempt to deploy TLS 1.3, discover a bug, and need to rollback? Does it just magically work?
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls