On Fri, Jan 22, 2021 at 1:55 AM Nick Harper <i...@nharper.org> wrote:
> On Thu, Jan 21, 2021 at 9:46 PM Martin Thomson <m...@lowentropy.net> wrote:
>
>> In other words, each flag is treated just like an empty extension: you
>> can initiate an exchange with it, but you can only answer with it if it was
>> initiated with it.
>>
>
> I agree that this is the correct guiding principle for handling flags. We
> should allow unsolicited flags in the same places we allow unsolicited
> extensions. Going by section 4.2 of RFC 8446, that would be ClientHello,
> CertificateRequest, and NewSessionTicket.
>

FWIW, this is what I was trying to say as well, though I'm prepared to
believe I didn't say it.

There is also a separate but related question of whether you can send an
unsolicited flags *extension* regardless of the contents of that extension
in these messages. I believe you should be able to for the reason Nick and
Martin indicate above.

-Ekr
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
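
The rule discussed in this thread, written out as a receiver-side check. This is an added example, not code from the thread's participants, the TLS flags draft or any TLS implementation; the function name, the flag numbers and the labels "ServerCertificate" and "ClientCertificate" (for the two directions of the Certificate message) are assumptions made for illustration.

```python
# Messages in which RFC 8446 section 4.2 allows unsolicited extensions,
# and therefore (per the thread) unsolicited flags.
INITIATING = {"ClientHello", "CertificateRequest", "NewSessionTicket"}

# Response message -> the initiating message it answers.
# "ServerCertificate"/"ClientCertificate" are hypothetical labels for the
# Certificate message sent by the server and by the client respectively.
ANSWERS = {
    "ServerHello": "ClientHello",
    "HelloRetryRequest": "ClientHello",
    "EncryptedExtensions": "ClientHello",
    "ServerCertificate": "ClientHello",
    "ClientCertificate": "CertificateRequest",
}


def flag_violations(message, flags, offered):
    """Return a list of rule violations for a received flags extension.

    message: name of the handshake message that was received
    flags:   set of flag numbers set in it, or None if it carried no
             flags extension (an empty set is an empty flags extension)
    offered: dict mapping an initiating message name to the set of flags
             the peer's counterpart set there; a missing key means that
             message carried no flags extension at all
    """
    if flags is None or message in INITIATING:
        # Nothing to check: either no extension, or a message where an
        # unsolicited flags extension (even an empty one) is acceptable.
        return []
    if message not in ANSWERS:
        raise ValueError(f"unknown message type: {message}")

    initiator = ANSWERS[message]
    solicited = offered.get(initiator)
    if solicited is None:
        # Treated like any other extension: no request, so no response.
        return [f"{message}: flags extension not offered in {initiator}"]

    # Each flag behaves like an empty extension: it may only be answered
    # if the initiating message set it.
    return [
        f"{message}: flag {f} not offered in {initiator}"
        for f in sorted(set(flags) - set(solicited))
    ]


if __name__ == "__main__":
    # Constructed sample: ClientHello offered flags 1 and 2, server answers 1 and 3.
    print(flag_violations("EncryptedExtensions", {1, 3}, {"ClientHello": {1, 2}}))
```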