> On Jan 17, 2015, at 7:07 AM, Jeffrey Walton <noloader@xxxxxxxxx> wrote:
>
> On Fri, Jan 16, 2015 at 4:04 PM, Bodo Moeller <bmoeller@xxxxxxx> wrote:
>> Hanno Böck <hanno@xxxxxxxxx>:
>>
>>> I think this adds further evidence that adding another workaround layer
>>> (SCSV) is the wrong thing to do. Instead browsers should just stop
>>> doing weird things with protocols that compromise security and drop
>>> the protocol dance completely.
>>
>> Also, quite clearly, we can't yet know how the TLS 1.3 (1.4, 1.5, ...)
>> rollout will work out.
>>
> The WG should be solving problems that do exist; and not manufactured
> problems or theoretical future problems that don't exist.

They’re not theoretical. Servers that do not tolerate (0x03,0x04) in ClientHello exist *now*. Surprisingly, some of those do support TLS 1.2 and Renegotiation Info. Unless those are all gone by the time browsers roll out TLS 1.3, there will be a problem to solve.

Yoav