8 comments

[ 4.1 ms ] story [ 37.2 ms ] thread
Since unknown ciphersuites seem to be much better handled (i.e. are ignored), I wonder if keeping the header version at 1.2 while extending the ciphersuites with more that indicate 1.3-like behaviour would be better for backwards compatibility. For example,

TLS 1.3 will sign all messages before server authentication, even though it makes Transcript Collision Attacks somewhat easier to mount.

...there could be a ciphersuite which tells the server to do this.

Could be!

But someday we'll want to turn off the 1.2 handshake, so better that we deal with some of the version intolerance now.

Offtopic: Nice and clean blog interface. Anyone knows if this is self-made or it is a platform of some kind?
Thanks! The "design" is mine, and I still use Octopress because I haven't found the time to switch to something fancier.
What csm you used to make this blog?
> As soon as the spec is finished, and often far before that feat is done, clients will have been equipped with support for the new TLS protocol version

Very optimistic view on situation with client browsers. In the real world we still have users with Win XP and IE. Or Android 2.x (and we can't blame users, because vendors don't provide new firmware).

I think he meant some clients, as in, "there will be some out there". I don't think we'll _ever_ see a day when all clients use current (or even recent) versions of TLS.