On Fri, Apr 07, 2017 at 12:05:42PM -0500, Benjamin Kaduk wrote: > One simple and easy option is to have a new extension to indicate the > maximum consecutive padding that will be accepted by an endpoint, and > abort the connection if too much padding is received in a row without > any non-padding content. But that might be too complicated, and we > could just note that implementations may get grumpy if they see too much > padding and abort the connection; peers are basically allowed to abort > the connection at will already, so it's not really a new thing.
Or, you know, just close the connection. Give them a fatal record to tell them why. No need to tell them up fron how much naughtiness you'll allow. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
