On 8 November 2016 at 14:01, Brian Smith <br...@briansmith.org> wrote: > Since this field isn't included in the additional_data of the AEAD in TLS > 1.3 any more, it isn't authenticated. That means an active MitM can use this > to transport up to 2 bytes of information hop-to-hop if the receiver doesn't > check it. That seems like a good reason to check it, and also to check > TLSCiphertext.opaque_type is application_data. Assuming this is the reason, > the reasoning should be explicitly called out because it is non-obvious.
I don't think that's the primary reason. A MitM could use TCP headers to carry other bits if they wanted. The main reason I can think of is ecosystem health. If you permit junk, then you get junk. Then you can't use the field any more because it contains junk. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
