On Thu, Jan 22, 2015 at 12:07 PM, Hubert Kario <hkario(_at_)redhat(_dot_)com>
wrote:
On Wednesday 21 January 2015 16:45:31 Michael D'Errico wrote:
Martin Rex wrote:
Rubber-Stamping the fallback-scsv hack onto the standards track is
IMHO a very bad idea.
I apologize if this has been discussed before (I have about 1400
unread TLS mailing list messages in my queue), but it seems that
a simpler SCSV or extension could just ask the server to echo its
highest supported version:
ClientHello w/SCSV ----->
<----- ServerHello w/version extension
that's not allowed by the RFC's, the server can send back only the extension
id's client has sent
Not quite; cf RFC 5746 (Renegotiation Indication Extension), where the
client may use the SCSV TLS_EMPTY_RENEGOTIATION_INFO_SCSV instead of
the renegotiation_info extension in its ClientHello, but the server
will reply with the renegotiation_info extension.
/grubba
--
Henrik Grubbström
grubba(_at_)grubba(_dot_)org
Roxen Internet Software AB
grubba(_at_)roxen(_dot_)com