You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In writing #10 and the corresponding text for httpbis-alps, the guidance currently says not to put GREASE in ALPS. tls-alps, as written and implemented now, does not allow for GREASE. But GREASE is pretty useful.
We could allow for it if we introduced a way for TLS to ask the application "are these two ALPS payloads equivalent", or if the application supplied two byte strings, the actual payload and a comparison key. This would be compatible with the current strict-equality variant of ALPS if we said that the old values are still the ones negotiated. We're just relaxing how strongly TLS insists on the configured values.
Is this worth doing?
The text was updated successfully, but these errors were encountered:
In writing #10 and the corresponding text for httpbis-alps, the guidance currently says not to put GREASE in ALPS. tls-alps, as written and implemented now, does not allow for GREASE. But GREASE is pretty useful.
We could allow for it if we introduced a way for TLS to ask the application "are these two ALPS payloads equivalent", or if the application supplied two byte strings, the actual payload and a comparison key. This would be compatible with the current strict-equality variant of ALPS if we said that the old values are still the ones negotiated. We're just relaxing how strongly TLS insists on the configured values.
Is this worth doing?
The text was updated successfully, but these errors were encountered: