One way to split the difference between these two would be to use an extension to negotiate the encrypted record format.
-Ekr

On Tue, Nov 15, 2016 at 9:10 AM, Martin Thomson <martin.thom...@gmail.com> wrote:

> On 14 November 2016 at 21:58, Nikos Mavrogiannopoulos <n...@redhat.com>
> wrote:
> > For draft-mavrogiannopoulos-dtls-cid-00 and we needed to extend the
> > DTLS un-authenticated part of the DTLS record header with an additional
> > field. That works well if this is the only draft ever extending the
> > DTLS record header. If not, modification order would be undefined.
>
> Where is this draft?
>
> > Would it make sense to introduce an extension header for DTLS 1.3 in
> > the lines of the IPv6 extension headers? That would allow TLS extension
> > negotiation to add more items on the un-authenticated header, and
> > potentially also remove redundant headers.
>
> Without seeing the draft, I can't really say whether this is sensible,
> but I've been working on trimming the DTLS 1.3 header down to
> something sane. That might be incompatible with any attempt to add
> unauthenticated data to the header.
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls