I can't reconcile:

> In this case, the cookie extension is omitted and the legacy_cookie field in the ClientHello message SHOULD be set to a zero length vector (i.e., a single zero byte length field) and MUST be ignored by a server negotiating DTLS 1.3.

... with:

> If a DTLS 1.3 ClientHello is received with any other value in this field, the server MUST abort the handshake with an "illegal_parameter" alert.

The MUSTs in these appear to be pulling in opposite directions. I suspect that the latter is correct though. It is possible that a DTLS 1.3 client could get a legacy cookie from a DTLS 1.2 server, so that it is valid for the legacy cookie to appear when supported_versions includes DTLS 1.3. However, that represents an attack and a DTLS 1.3 server shouldn't continue to establish the connection. Maybe it isn't a bad attack because the client doesn't change its posture in ways that would materially affect the resulting session, but we have generally tried to avoid these.
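The two readings of legacy_cookie handling that the issue contrasts, as an added example (not part of the issue or of the DTLS draft): `strict=False` follows the first quoted sentence (ignore the field), `strict=True` follows the second (abort with illegal_parameter). The function names, the `IllegalParameter` exception and the message built by `sample_hello` are assumptions made for illustration; the field order is that of the DTLS 1.3 ClientHello.

```python
import struct

DTLS13 = 0xFEFC               # DTLS 1.3 on the wire: {254, 252}
EXT_SUPPORTED_VERSIONS = 43

class IllegalParameter(Exception):
    """Stands in for sending a fatal illegal_parameter alert."""

def _vec(buf, off, width):
    """Read a vector with a width-byte length prefix; return (body, next_offset)."""
    start = off + width
    end = start + int.from_bytes(buf[off:start], "big")
    if end > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[start:end], end

def parse_client_hello(body):
    """Return (legacy_cookie, offered supported_versions) from a ClientHello body."""
    off = 34                              # legacy_version(2) + random(32)
    _, off = _vec(body, off, 1)           # legacy_session_id
    cookie, off = _vec(body, off, 1)      # legacy_cookie
    _, off = _vec(body, off, 2)           # cipher_suites
    _, off = _vec(body, off, 1)           # legacy_compression_methods
    versions = []
    if off < len(body):
        exts, _ = _vec(body, off, 2)
        p = 0
        while p < len(exts):
            etype = int.from_bytes(exts[p:p + 2], "big")
            data, p = _vec(exts, p + 2, 2)
            if etype == EXT_SUPPORTED_VERSIONS:
                lst, _ = _vec(data, 0, 1)
                versions = [int.from_bytes(lst[i:i + 2], "big")
                            for i in range(0, len(lst) - 1, 2)]
    return cookie, versions

def check_legacy_cookie(body, strict):
    """Apply one of the two conflicting MUSTs to a ClientHello body."""
    cookie, versions = parse_client_hello(body)
    if DTLS13 not in versions:
        return "dtls12-path"              # a cookie here is ordinary DTLS 1.2
    if cookie and strict:
        raise IllegalParameter("non-empty legacy_cookie in DTLS 1.3 ClientHello")
    return "continue"                     # empty cookie, or field ignored

def sample_hello(cookie):
    """Constructed ClientHello body offering DTLS 1.3 (not a captured message)."""
    sv = bytes([2]) + struct.pack("!H", DTLS13)
    ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv)) + sv
    return (b"\xfe\xfd" + bytes(32) + b"\x00" + bytes([len(cookie)]) + cookie
            + b"\x00\x02\x13\x01" + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
```

With an empty cookie both policies continue the handshake; they diverge only when a DTLS 1.3 ClientHello carries a non-empty legacy_cookie, which is the case the issue describes.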