1. discre+(OP) 2017-02-28 02:29:02
This is something the TLS spec authors have prepared against with GREASE. The idea is the client adds some junk version information to its list of supported protocols. To quote: "Correct server implementations will ignore these values and interoperate. Servers that do not tolerate unknown values will fail to interoperate with existing clients, revealing the mistake before it is widespread."

https://tools.ietf.org/html/draft-davidben-tls-grease-00

replies(1): >>throwa+S2
2. throwa+S2 2017-02-28 03:09:52
>>discre+(OP)
This doesn't really seem to solve anything, everyone now ignores the enumerated GREASE values as they are reserved upfront, and will continue to cause failures with other extended values. yay?
replies(1): >>dvorak+cb
3. dvorak+cb 2017-02-28 04:57:49
>>throwa+S2
This at least means that the developer is aware that these parts of the spec are extensible, and by explicitly ignoring the GREASE values is explicitly choosing to potentially have a broken application in the future. This is a different class of problems than developers who weren't aware certain fields were extensible.
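
Added example, not part of the thread or of the GREASE draft: a sketch of server-side cipher suite selection that contrasts ignoring every unknown value with special-casing only the reserved GREASE values (0x0A0A through 0xFAFA). The server preference list, the `KNOWN` set, the function names and both sample vectors are constructed for illustration.

```python
import struct

# Reserved GREASE code points: 0x0A0A, 0x1A1A, ..., 0xFAFA.
GREASE = {(n << 12) | 0x0A00 | (n << 4) | 0x0A for n in range(16)}

# Hypothetical server preference order (real IANA cipher suite IDs).
SUPPORTED = [0xC02F, 0xC030, 0x009C]
# IDs the hypothetical brittle server "recognises" (assumption).
KNOWN = set(SUPPORTED) | {0x002F, 0x0035}


def parse_cipher_suites(vec):
    """Parse a cipher_suites vector: 2-byte length, then 2-byte IDs."""
    if len(vec) < 2:
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("!H", vec)
    body = vec[2:]
    if n != len(body) or n == 0 or n % 2:
        raise ValueError("malformed cipher_suites vector")
    return [v for (v,) in struct.iter_unpack("!H", body)]


def select_tolerant(offered):
    """Pick the first server preference the client offered.
    Unknown IDs, GREASE or not, are simply never matched."""
    return next((s for s in SUPPORTED if s in offered), None)


def select_brittle(offered):
    """Reject unrecognised IDs, with GREASE values special-cased."""
    for s in offered:
        if s not in KNOWN and s not in GREASE:
            raise ValueError(f"unknown cipher suite 0x{s:04X}")
    return select_tolerant(offered)


def make_vec(*ids):
    """Build a constructed cipher_suites vector for the samples below."""
    body = b"".join(struct.pack("!H", i) for i in ids)
    return struct.pack("!H", len(body)) + body


# Constructed samples: one with a GREASE value, one with an ID that is
# outside KNOWN and is not a GREASE value (0x1301).
GREASE_HELLO = make_vec(0x2A2A, 0xC02F, 0x009C)
FUTURE_HELLO = make_vec(0x1301, 0xC02F)

if __name__ == "__main__":
    for name, vec in (("grease", GREASE_HELLO), ("future", FUTURE_HELLO)):
        ids = parse_cipher_suites(vec)
        print(name, "tolerant ->", hex(select_tolerant(ids)))
        try:
            print(name, "brittle  ->", hex(select_brittle(ids)))
        except ValueError as e:
            print(name, "brittle  -> handshake failure:", e)
```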