> On Sep 22, 2016, at 6:42 PM, Eric Rescorla <e...@rtfm.com> wrote:
>
> - New version negotiation format (*) [IMPORTANT: this got lost in the
> ChangeLog]
4.2.1 Supported Versions says, "The extension contains a list of supported versions in preference order, with the most preferred version first."

C.2 Negotiating with an older client says, "If the "supported_versions" extension is present, the server MUST negotiate the highest server-supported version found in that extension."

I'm skeptical of the server respecting client preferences in any situation*, but if servers are required to negotiate the highest supported version (which I think is sensible), then there's no point to the client giving preference order.

I propose moving the text about which version a server must negotiate out of the appendix to 4.2.1 and replacing the text mentioning client preference order with arbitrary order. (We could mandate descending version order, but it seems silly for the server to reject 0304, 0302, 0303 if it's willing to negotiate 0304, for example.)

* The only time to take the client's preference into account is if the server really has no opinion on an option--e.g., two equivalent-strength cipher suites--but the client can specify a preference for an option that requires less computation/power for it. But I'm not entirely convinced that's worth the implementation cost.

--
Stephen Checkoway

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
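The selection rule under discussion, as an added example that is not part of the original post or of any TLS implementation: a server-side helper that parses a ClientHello supported_versions extension body and picks the highest version it supports from that list, so the order the client used (0304, 0302, 0303 or any other) makes no difference to the result. The wire format assumed here is the draft's one-byte length prefix followed by two-byte ProtocolVersion values; the version code points and the sample ClientHello lists are constructed for the example.

```python
import struct
from typing import List, Optional

# Constructed code points for the example: 0x0303 is TLS 1.2,
# 0x0304 is the value used for TLS 1.3 in the draft.
TLS12 = 0x0303
TLS13 = 0x0304


def encode_supported_versions(versions: List[int]) -> bytes:
    """Build the extension body a client would send (assumed draft format:
    one-byte length, then two-byte versions in whatever order the client chose)."""
    body = b"".join(struct.pack("!H", v) for v in versions)
    return bytes([len(body)]) + body


def parse_supported_versions(ext_body: bytes) -> List[int]:
    """Parse the extension body back into a list of version code points.
    Rejects a length byte that disagrees with the data, an odd byte count,
    or an empty list, so a malformed ClientHello cannot be silently accepted."""
    if not ext_body:
        raise ValueError("empty supported_versions body")
    n, data = ext_body[0], ext_body[1:]
    if n != len(data) or n < 2 or n % 2 != 0:
        raise ValueError("malformed supported_versions length")
    return [struct.unpack("!H", data[i:i + 2])[0] for i in range(0, n, 2)]


def select_version(ext_body: bytes, server_supported: List[int]) -> Optional[int]:
    """Apply the C.2 rule: negotiate the highest server-supported version that
    appears in the extension, ignoring the client's ordering entirely.
    Returns None when there is no overlap, i.e. the server would have to
    abort the handshake rather than guess."""
    offered = set(parse_supported_versions(ext_body))
    candidates = [v for v in server_supported if v in offered]
    return max(candidates) if candidates else None


if __name__ == "__main__":
    # The ordering from the post: 0304, 0302, 0303 still yields 0304.
    hello = encode_supported_versions([0x0304, 0x0302, 0x0303])
    print(hex(select_version(hello, [TLS12, TLS13])))
```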