Thanks for letting us know, Andrei.
That's rather depressing, but is fairly indicative that the errata report
should be verified. (I think I will edit the "Notes" slightly when doing
so, but am too tired to do a proper job tonight, so I'm holding off on
actually marking the report as verified in t

My reading of the TLS 1.2 and 1.3 RFCs is that zero-length application_data
records must still be encrypted and authenticated. Otherwise, a MITM can inject
arbitrary numbers of these.
However, the current language is vague enough that I've seen major SW vendors
send (and accept) 0x17 0x03 0x03 0x

On Fri, Oct 11, 2019 at 09:21:49PM -0700, RFC Errata System wrote:
> The following errata report has been submitted for RFC8446,
> "The Transport Layer Security (TLS) Protocol Version 1.3".
>
> --
> You may review the report below and at:
> https://www.rfc-edito
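
The point about zero-length application_data records can be checked on the wire: a protected TLS 1.3 record always carries at least the inner content-type byte plus the AEAD tag (RFC 8446, section 5.2), so a shorter one cannot have been encrypted and authenticated. The following is an added example, not code from the thread or from any TLS implementation; the function names, the `tag_len` parameter and the sample bytes are assumptions made up for illustration.

```python
import struct

APPLICATION_DATA = 0x17
MAX_CIPHERTEXT = 2**14 + 256   # RFC 8446 section 5.2 upper bound


def find_unprotected_records(stream: bytes, tag_len: int = 16):
    """Return (offset, length, reason) for each suspicious application_data record.

    Assumes `stream` holds back-to-back TLS 1.3 records captured after
    record protection is on, and that the AEAD tag is `tag_len` bytes
    (16 for the GCM and ChaCha20-Poly1305 suites, 8 for AES_128_CCM_8).
    """
    min_len = 1 + tag_len      # inner content-type byte + AEAD tag
    findings, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            findings.append((off, None, "truncated header"))
            break
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        body_end = off + 5 + length
        if body_end > len(stream):
            findings.append((off, length, "truncated body"))
            break
        if ctype == APPLICATION_DATA:
            if length < min_len:
                findings.append((off, length, "too short to carry an AEAD tag"))
            elif length > MAX_CIPHERTEXT:
                findings.append((off, length, "exceeds maximum ciphertext length"))
        off = body_end
    return findings


def record(ctype: int, body: bytes) -> bytes:
    """Build one record with legacy_record_version 0x0303 (constructed test data)."""
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body


# Constructed sample: a protected empty fragment (1 type byte + 16-byte tag,
# stand-in bytes rather than real ciphertext), a bare zero-length record,
# then a normal-sized protected record.
SAMPLE = (record(APPLICATION_DATA, bytes(17))
          + record(APPLICATION_DATA, b"")
          + record(APPLICATION_DATA, bytes(40)))

if __name__ == "__main__":
    for finding in find_unprotected_records(SAMPLE):
        print(finding)
```

Only the bare zero-length record is reported; the 17-byte record is the smallest size a protected empty fragment can have with a 16-byte tag.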