> > OK, I see. It's worse than a compatibility risk, though, isn't it? If you > just let them break in case (a), and then maybe try again with (b), that > opens up a downgrade attack. Intermediaries can observe the size of the > Client Hello and make it break >
Exactly.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls