Re: Request for feedback from server/client implementers using\n non-OpenSSL TLS stacks

• 🗣️ From: mbays (mbays (a) sdf.org)
• 📅 Sent: 2021-11-08 17:47
• 📧 Message 12 of 14

	
Sunday, 2021-11-07 at 13:06 -0800 - Rohan Kumar <seirdy@seirdy.one>:


> There are many good reasons people to use TLS 1.3 that are quite
> relevant to Gemini:
> 
> - TLS 1.3 can eliminate one or two round-trips.
> - TLS 1.3 supports Encrypted Client Hello.
> - TLS 1.3 supports record padding.

Another one I think is particularly important for Gemini:
TLS 1.2 sends client certificates in the clear, while with 1.3 they are encrypted.

Even if the spec doesn't end up mandating 1.3, it might be worth requiring 
it for servers which make use of client certificates.

Another big advantage of requiring 1.3 is that it would let us use ed25519 
certificates (server and client). (I think in theory we could already do 
this, by choosing a certificate to send depending on which algorithms the 
remote party says they support, but that adds complexity and I don't know 
of any implementation which does this.)

---

Previous in thread (11 of 14): 🗣️ Jason McBrayer (jmcbray (a) carcosa.net)

Next in thread (13 of 14): 🗣️ nervuri (nervuri (a) disroot.org)

View entire thread.