Hi, Hubert Kario wrote: > then we need Best Current Practice for applications describing to them > how TLS needs to be used, e.g. make sure that they are doing writes as > big as possible, checking if timing of responses doesn't leak much > information, etc. Forcing TLS implementation to combine writes will > easily cause serious problems with interactivity of sessions... >
FYI: similar IETF documents like that exists for TLS (up to 1.2) already. Might make sense to update them or have similar ones when time comes. Though spreading everything out over a lot of documents makes it harder for implementers to find all the information they might be looking for, IMO. Actually, as far as I understand the whole objective of UTA-WG is putting out documents like that (Utilizing TLS in Applications). https://tools.ietf.org/html/rfc7457 https://tools.ietf.org/html/rfc7525 Aaron
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
