Yes, that is true, and would accomplish the goals of backwards compatibility along with keeping (at least) 32-bit alignment. Part of my non-stated goal was to also shrink the header, but *shrug*.
I still like the idea of marking it with a different version number (8.0)?

--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea, three if by the Internet."

On Nov 18, 2015, at 10:24 AM, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:

> On Wed, Nov 18, 2015 at 11:07:59AM +0200, Yoav Nir wrote:
>
> > Stateful firewalls tend to pass only what they understand. They use some measures to avoid tunneling and passing things that are not HTTPS over TCP port 443.
>
> If the record layer header for application-data (not the initial handshake) is simply expanded by 3 bytes to 8 (zero padded), and the padding is included in the record length, then to legacy parsers it looks like a 5 byte header with payload that's 3 bytes longer. While implementations aware of the change will treat this as a new format in which the record header is 8 bytes and always overstates the payload length by 3. The real payload can then be properly aligned.
>
> --
> Viktor.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
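The framing proposed in the quoted message, as an added example that is not part of the original thread or of any TLS implementation: the same bytes are read by a legacy 5-byte-header parser and by a parser aware of the 8-byte header. Assumptions: the function names are hypothetical, the receiver is told out of band which format applies (the thread does not settle how), and rejecting non-zero padding is a check added here.

```python
import struct

LEGACY_HDR = 5            # type(1) + version(2) + length(2)
PADDED_HDR = 8            # legacy header plus 3 zero bytes, per the proposal
PAD = PADDED_HDR - LEGACY_HDR
APPLICATION_DATA = 23     # TLS ContentType application_data

def build_padded_record(payload, version=(3, 3)):
    """Emit a record whose length field counts the 3 pad bytes."""
    length = len(payload) + PAD
    if length > 0xFFFF:
        raise ValueError("record too long for 16-bit length")
    hdr = struct.pack("!BBBH", APPLICATION_DATA, version[0], version[1], length)
    return hdr + b"\x00" * PAD + payload

def _header(buf):
    if len(buf) < LEGACY_HDR:
        raise ValueError("truncated header")
    ctype, _major, _minor, length = struct.unpack_from("!BBBH", buf, 0)
    end = LEGACY_HDR + length
    if len(buf) < end:
        raise ValueError("truncated record")
    return ctype, length, end

def parse_legacy(buf):
    """Unaware parser: 5-byte header, body is everything the length covers."""
    ctype, _length, end = _header(buf)
    return ctype, buf[LEGACY_HDR:end], end

def parse_padded(buf):
    """Aware parser: 8-byte header, real payload is length - 3 bytes."""
    ctype, length, end = _header(buf)
    if length < PAD:
        raise ValueError("length smaller than padding")
    if buf[LEGACY_HDR:PADDED_HDR] != b"\x00" * PAD:
        # Added check (assumption): non-zero pad bytes are treated as malformed.
        raise ValueError("non-zero header padding")
    return ctype, buf[PADDED_HDR:end], end

def walk(stream, parser):
    """Split a byte stream into record bodies using the given parser."""
    bodies, off = [], 0
    while off < len(stream):
        _ctype, body, used = parser(stream[off:])
        bodies.append(body)
        off += used
    return bodies
```

Both parsers consume the same number of bytes per record, so a legacy middlebox stays in sync with the stream while seeing three extra zero bytes at the start of each body.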