On Fri, Dec 14, 2018 at 10:50 AM Nico Williams <n...@cryptonector.com> wrote:
> If the server rejects resumption I guess the client would still fail,
> but this is much better than failing at 100% of all resumptions and
> better than adding fingerprinting and downgrades.
>

In order for TLS 1.3 deployment to be viable the failure rate needs to be negligible. It's not feasible to construct things such that moving traffic across session caching domains causes a wave of handshake failures.

Additionally, if we were to wait for these versions of Java to die out in the ecosystem, we risk other buggy clients getting established in the meantime. We are painfully aware that limiting our server-side deployment allowed this bug to become established and, while we did it to ease middlebox issues, it may have been a mistake.

Cheers

AGL

--
Adam Langley a...@imperialviolet.org https://www.imperialviolet.org
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls