On Wednesday 21 January 2015 16:45:31 Michael D'Errico wrote:
> Martin Rex wrote:
> > Rubber-Stamping the fallback-scsv hack onto the standards track is
> > IMHO a very bad idea.
>
> I apologize if this has been discussed before (I have about 1400
> unread TLS mailing list messages in my queue), but it seems that
> a simpler SCSV or extension could just ask the server to echo its
> highest supported version:
>
>     ClientHello w/SCSV  ----->
>                         <-----  ServerHello w/version extension

That's not allowed by the RFCs; the server can send back only the extension
IDs the client has sent.
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
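
The rule cited in the reply above, as an added example that is not part of the original thread: a check that lists ServerHello extension types the client never offered, applied to the proposed "SCSV in, version extension out" exchange. The SCSV code points come from RFC 7507 and RFC 5746, the renegotiation_info allowance is the one exception RFC 5746 defines, and the version-echo extension type and the sample hello fields are constructed for illustration.

```python
import struct

# Assumed constants, not taken from the thread (RFC 7507, RFC 5746).
TLS_FALLBACK_SCSV = 0x5600
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF
EXT_RENEGOTIATION_INFO = 0xFF01
HYPOTHETICAL_VERSION_ECHO = 0xFFAA  # made-up type for the proposed extension

def extension_types(block):
    """Return the extension types in a hello's extensions field:
    uint16 total length, then repeated (uint16 type, uint16 length, data)."""
    if not block:
        return []  # the extensions field is optional in TLS <= 1.2
    if len(block) < 2:
        raise ValueError("truncated extensions length")
    (total,) = struct.unpack_from("!H", block, 0)
    if total != len(block) - 2:
        raise ValueError("extensions length mismatch")
    types, pos = [], 2
    while pos < len(block):
        if pos + 4 > len(block):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, pos)
        pos += 4
        if pos + ext_len > len(block):
            raise ValueError("extension data overruns block")
        types.append(ext_type)
        pos += ext_len
    return types

def unsolicited_extensions(client_suites, client_ext, server_ext):
    """Extension types in the ServerHello that the ClientHello did not offer."""
    offered = set(extension_types(client_ext))
    # RFC 5746: the renegotiation SCSV permits renegotiation_info in reply.
    if TLS_EMPTY_RENEGOTIATION_INFO_SCSV in client_suites:
        offered.add(EXT_RENEGOTIATION_INFO)
    return [t for t in extension_types(server_ext) if t not in offered]

def ext(ext_type, data=b""):
    """Encode one extension (helper for the constructed samples)."""
    return struct.pack("!HH", ext_type, len(data)) + data

def ext_block(*exts):
    """Encode an extensions field from already-encoded extensions."""
    body = b"".join(exts)
    return struct.pack("!H", len(body)) + body

# Constructed sample: the client signals with a cipher-suite SCSV only,
# and the server answers with an extension the client never sent.
CLIENT_SUITES = [0x002F, TLS_FALLBACK_SCSV]
CLIENT_EXT = ext_block(ext(0x000A, b"\x00\x02\x00\x17"))
SERVER_EXT = ext_block(ext(HYPOTHETICAL_VERSION_ECHO, b"\x03\x03"))
```

An SCSV is a cipher suite value, so it adds nothing to the set of offered extension types; the check reports the version-echo extension as unsolicited.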