On Thursday 14 July 2016 09:17:06 Martin Thomson wrote:
> On 14 July 2016 at 03:01, Eric Rescorla <e...@rtfm.com> wrote:
> >
> > Obviously, you could add a check that said that if an EC cipher suite was
> > advertised, then you had to look for key shares even if you picked one, but
> > it's not a check you otherwise need.
> 
> Though you would miss an EC cipher suite that you didn't know about.
> And as far as the client is concerned, any cipher suite that the
> server didn't pick is potentially one that it didn't know about.

yes, but it's also a ciphersuite no other client will negotiate with that server

and that's why we don't say that the server should complain that an extension
it does know about was sent despite there being no EC ciphers from its point of
view

you, as server, act on what you know and understand, and you check it
fastidiously, everything else you MUST completely ignore

i.e. if you know about the supported_groups extension you MUST check that the length
of the extension matches exactly the length of the array (minus the 2 bytes for the length),
and that the length is an even number, but you MUST ignore any identifiers you
don't know about if they appear in the array

so the server should check if, and only if, there are EC ciphers it knows about* in
the client hello; then it should check for the presence of the extension
and abort if it is missing

 * either ones it can negotiate now, or in general, but that's unimportant
   (I'd say the latter solution would be "cleaner")
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
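The validation rule described in this message, worked through as an added example that is not part of the thread and not any TLS implementation's code. The toy server below knows a handful of ECDHE cipher suites and named groups (the IANA code points are real; which ones the server "knows" is an assumption of the example), checks the supported_groups length fields exactly as stated, ignores unknown group identifiers, and aborts only when a known EC suite was offered without the extension. The sample ClientHello fragments in the demo are constructed for the example.

```python
"""Toy server-side handling of cipher_suites + supported_groups, following
the rule from the mail: check what you understand fastidiously, ignore the
rest, and require the extension only when known EC suites are offered."""
import struct

SUPPORTED_GROUPS = 10  # extension type "supported_groups" (ex "elliptic_curves")

# Named groups this toy server recognises (IANA code points; the selection is
# an assumption of the example). Anything else in the list is ignored.
KNOWN_GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x0019: "secp521r1",
                0x001D: "x25519", 0x001E: "x448"}

# ECDHE cipher suites this toy server knows about (IANA code points).
KNOWN_EC_SUITES = {
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
}


class DecodeError(ValueError):
    """Malformed extension body: the server would abort with decode_error."""


class MissingExtension(ValueError):
    """Known EC suite offered but no supported_groups: abort, missing_extension."""


def parse_supported_groups(ext_data):
    """Validate the extension_data of supported_groups and return the group
    identifiers the server recognises, silently dropping unknown ones.

    Wire format: uint16 list length, then that many bytes of uint16 NamedGroup.
    """
    if len(ext_data) < 2:
        raise DecodeError("extension too short to hold the list length")
    (list_len,) = struct.unpack("!H", ext_data[:2])
    # The length field must describe exactly the bytes that follow it ...
    if list_len != len(ext_data) - 2:
        raise DecodeError("list length %d but %d bytes present"
                          % (list_len, len(ext_data) - 2))
    # ... and must be a whole number of 2-byte identifiers.
    if list_len % 2 != 0:
        raise DecodeError("list length %d is odd" % list_len)
    if list_len == 0:
        raise DecodeError("empty named group list")  # vector lower bound is non-zero
    groups = struct.unpack("!%dH" % (list_len // 2), ext_data[2:])
    # Unknown identifiers are not an error; they are simply not usable here.
    return [g for g in groups if g in KNOWN_GROUPS]


def check_client_hello(cipher_suites, extensions):
    """Apply the rule from the mail to one ClientHello.

    cipher_suites: list of uint16 suite codes the client offered.
    extensions:    dict mapping extension type -> extension_data bytes.
    Returns the usable groups (possibly empty); raises when the server must abort.
    """
    offers_known_ec = any(cs in KNOWN_EC_SUITES for cs in cipher_suites)
    ext_data = extensions.get(SUPPORTED_GROUPS)
    if ext_data is None:
        if offers_known_ec:
            raise MissingExtension("EC cipher suite offered without supported_groups")
        return []  # no EC suite we know about: the extension is not required
    # Extension present: always check it, even when no known EC suite was
    # offered (the client may know EC suites we don't; that is not our problem).
    return parse_supported_groups(ext_data)


def server_decision(cipher_suites, extensions):
    """Summarise the outcome as an alert name or ('ok', usable groups)."""
    try:
        return ("ok", check_client_hello(cipher_suites, extensions))
    except MissingExtension:
        return ("missing_extension", None)
    except DecodeError:
        return ("decode_error", None)


def encode_groups(groups):
    """Build well-formed supported_groups extension_data (for constructing input)."""
    body = struct.pack("!%dH" % len(groups), *groups)
    return struct.pack("!H", len(body)) + body


if __name__ == "__main__":
    # Constructed ClientHello fragments: (label, cipher_suites, extensions)
    samples = [
        ("ECDHE + x25519, unknown group 0x1234 ignored",
         [0xC02F, 0x009C], {SUPPORTED_GROUPS: encode_groups([0x001D, 0x1234])}),
        ("ECDHE offered, extension missing", [0xC02F], {}),
        ("only RSA suite, extension missing", [0x009C], {}),
        ("unknown suite, extension with only unknown groups: no complaint",
         [0xFEFE], {SUPPORTED_GROUPS: encode_groups([0x9999])}),
        ("length field disagrees with body", [0xC02F],
         {SUPPORTED_GROUPS: b"\x00\x04\x00\x1d"}),
        ("odd list length", [0xC02F], {SUPPORTED_GROUPS: b"\x00\x03\x00\x1d\x00"}),
    ]
    for label, suites, exts in samples:
        print("%-62s -> %s" % (label, server_decision(suites, exts)))
```

The split between `parse_supported_groups` and `check_client_hello` mirrors the two halves of the rule: the parser enforces the length invariants of an extension the server understands and tolerates unknown identifiers, while the caller decides whether the extension's absence is an error at all, based only on cipher suites the server itself knows.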


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
