List: ietf-tls
Subject: Re: [TLS] Allow NamedGroups from the server?
From: Dave Garrett <davemgarrett () gmail ! com>
Date: 2015-10-23 0:14:04
Message-ID: 201510222014.04719.davemgarrett () gmail ! com
On Thursday, October 22, 2015 09:29:22 am Eric Rescorla wrote:
> From an implementation perspective, I wouldn't be surprised if client
> implementations choked on the server sending this. [...]
Hence my side-note that we should be explicit that it's for TLS 1.3+ (even if it's implicit elsewhere).
On Thursday, October 22, 2015 01:36:18 pm Martin Rex wrote:
> Andrei Popov wrote:
> > Then my argument would be: why send extra bytes in each ServerHello
> > when TLS client auth is not used most of the time? In this case,
> > CertificateRequest seems to be a better place.
>
> I'm perfectly OK with the server _not_ sending/including a TLS extension
> "Supported Elliptic Curves" in ServerHello if the server is not going
> to request a client certificate.
Yes, I would expect we want it in TLS 1.3+ ServerHello (or EncryptedExtensions) IFF the server is going to request a client cert.
Dave