> On Mar 13, 2018, at 6:21 PM, Andrei Popov <andrei.po...@microsoft.com> wrote:
>
> If the client were to exclusively offer DHE-based ciphersuites, then the
> visibility techniques that have been used in the past are thwarted.
> TLS1.3-visibility will be equally thwarted if the client does not send the
> empty “tls_visibility” extension, right?
> (Assuming the server chooses to play by the rules, of course.)

Two points:

1) Yes, the server cannot use the "tls_visibility" extension unless the client offers it. This is to enable client opt-in.

2) If the server sends the "tls_visibility" extension without the client first offering it, by the normal TLS extension processing rules, the client MUST close the connection.

Russ
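
The client-side rule from point 2, sketched as an added example (not part of the original message and not taken from any TLS library): the client parses the extension block of a ServerHello and aborts if it contains a type it never offered. The code point `0xFF99` for "tls_visibility" is a placeholder assumption, since the message gives none, and the function names are hypothetical.

```python
import struct

TLS_VISIBILITY = 0xFF99        # hypothetical placeholder code point (assumption)
SUPPORTED_VERSIONS = 43        # registered TLS extension type
UNSUPPORTED_EXTENSION = 110    # TLS alert description
DECODE_ERROR = 50              # TLS alert description


class HandshakeAbort(Exception):
    """Raised where a client would send a fatal alert and close."""

    def __init__(self, alert, reason):
        super().__init__(reason)
        self.alert = alert


def encode_extensions(exts):
    """Encode [(type, data), ...] as a length-prefixed extensions vector."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return struct.pack("!H", len(body)) + body


def parse_extensions(buf):
    """Decode an extensions vector, rejecting any length inconsistency."""
    if len(buf) < 2 or struct.unpack_from("!H", buf)[0] != len(buf) - 2:
        raise HandshakeAbort(DECODE_ERROR, "bad extensions vector length")
    out, pos = [], 2
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise HandshakeAbort(DECODE_ERROR, "truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if ext_len > len(buf) - pos:
            raise HandshakeAbort(DECODE_ERROR, "truncated extension body")
        out.append((ext_type, buf[pos:pos + ext_len]))
        pos += ext_len
    return out


def check_server_extensions(offered, server_ext_bytes):
    """Return the server's extension types; abort on any the client did not offer."""
    accepted = []
    for ext_type, _data in parse_extensions(server_ext_bytes):
        if ext_type not in offered:
            raise HandshakeAbort(UNSUPPORTED_EXTENSION,
                                 f"unsolicited extension {ext_type:#06x}")
        accepted.append(ext_type)
    return accepted


# Constructed ServerHello extension block: supported_versions plus tls_visibility.
SAMPLE = encode_extensions([(SUPPORTED_VERSIONS, b"\x03\x04"), (TLS_VISIBILITY, b"")])
```

A client that opted in passes `{SUPPORTED_VERSIONS, TLS_VISIBILITY}` as `offered` and accepts `SAMPLE`; one that passes only `{SUPPORTED_VERSIONS}` gets a `HandshakeAbort` carrying the `unsupported_extension` alert.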