On Wednesday 21 January 2015 16:45:31 Michael D'Errico wrote:
> Martin Rex wrote:
> > Rubber-Stamping the fallback-scsv hack onto the standards track is
> > IMHO a very bad idea.
>
> I apologize if this has been discussed before (I have about 1400
> unread TLS mailing list messages in my queue), but it seems that
> a simpler SCSV or extension could just ask the server to echo its
> highest supported version:
>
> ClientHello w/SCSV ----->
>                    <----- ServerHello w/version extension

That's not allowed by the RFCs; the server can send back only the
extension IDs the client has sent.

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
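The following is an added worked example, not code from the thread or from any TLS implementation. It models, in plain Python structures rather than real TLS records, what the message is arguing about: the server-side TLS_FALLBACK_SCSV rule of RFC 7507 (cipher suite value 0x5600, alert inappropriate_fallback = 86), a browser-style downgrade retry against either a current server or a genuinely old one, and the extension rule Hubert cites (RFC 5246 section 7.4.1.4: a ServerHello must not carry an extension type the ClientHello did not offer). The "version echo" extension id 0xFF01 is an assumed placeholder for Michael's proposal and is not a registered extension; the cipher suite 0x002F is TLS_RSA_WITH_AES_128_CBC_SHA and is used only as filler.

```python
"""Model of RFC 7507 TLS_FALLBACK_SCSV handling and the ServerHello extension
rule.  Constructed example: no bytes go on the wire, handshakes are Python
objects, and version tuples are compared directly ((3,1)=TLS1.0 ... (3,3)=TLS1.2)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

TLS_FALLBACK_SCSV = 0x5600            # RFC 7507 signaling cipher suite value
ALERT_INAPPROPRIATE_FALLBACK = 86     # RFC 7507 alert description
HYPOTHETICAL_VERSION_EXT = 0xFF01     # assumed id for the "echo highest version" idea
FILLER_SUITE = 0x002F                 # TLS_RSA_WITH_AES_128_CBC_SHA, just to make the list non-empty

TLS10, TLS11, TLS12 = (3, 1), (3, 2), (3, 3)


@dataclass
class ClientHello:
    client_version: Tuple[int, int]
    cipher_suites: List[int]
    extensions: List[int] = field(default_factory=list)


@dataclass
class ServerHello:
    server_version: Tuple[int, int]
    extensions: Dict[int, object] = field(default_factory=dict)


class TLSAlert(Exception):
    def __init__(self, description: int):
        super().__init__(f"fatal alert {description}")
        self.description = description


def handle_client_hello(hello: ClientHello, server_max_version=TLS12) -> ServerHello:
    """Server side.  RFC 7507 section 3: if the SCSV is present and the offered
    client_version is lower than the highest version the server supports, the
    client is retrying after a failure that the server did not cause, so abort."""
    if TLS_FALLBACK_SCSV in hello.cipher_suites and hello.client_version < server_max_version:
        raise TLSAlert(ALERT_INAPPROPRIATE_FALLBACK)

    negotiated = min(hello.client_version, server_max_version)
    sh = ServerHello(negotiated)

    # Hubert's objection modelled as a rule: the server may echo its highest
    # version only inside an extension the client actually offered
    # (RFC 5246 section 7.4.1.4).  Without the offer, nothing is sent back.
    if HYPOTHETICAL_VERSION_EXT in hello.extensions:
        sh.extensions[HYPOTHETICAL_VERSION_EXT] = server_max_version
    return sh


def fallback_client(server_max_version, path_breaks_above) -> Optional[ServerHello]:
    """Client side: the downgrade dance that RFC 7507 exists to protect.
    Try TLS 1.2 first, then retry with lower versions, appending the SCSV on
    every retry.  `path_breaks_above` models a middlebox or attacker that
    drops any ClientHello advertising more than that version."""
    for version in (TLS12, TLS11, TLS10):
        suites = [FILLER_SUITE]
        if version != TLS12:
            suites.append(TLS_FALLBACK_SCSV)   # this is a retry, signal it
        if version > path_breaks_above:
            continue                           # simulated connection failure
        return handle_client_hello(
            ClientHello(version, suites, [HYPOTHETICAL_VERSION_EXT]),
            server_max_version,
        )
    return None


def fallback_outcome(server_max_version, path_breaks_above):
    """Return ('ok', negotiated_version) or ('alert', description)."""
    try:
        sh = fallback_client(server_max_version, path_breaks_above)
    except TLSAlert as alert:
        return ("alert", alert.description)
    return ("ok", sh.server_version if sh else None)


if __name__ == "__main__":
    print("clean path, current server :", fallback_outcome(TLS12, TLS12))
    print("forced downgrade, current  :", fallback_outcome(TLS12, TLS10))
    print("forced downgrade, old server:", fallback_outcome(TLS10, TLS10))
```

The three outcomes show the point of the SCSV: a clean path negotiates TLS 1.2, a forced retry against a server that really supports TLS 1.2 is refused with alert 86, and the same retry against a server whose maximum is TLS 1.0 succeeds, because the offered version is not below what that server can do. Note that `handle_client_hello` never adds the version-echo extension unless it was in the ClientHello, which is exactly the constraint the reply invokes.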