Ilari Liusvaara <ilariliusva...@welho.com> wrote:
>
> And even if the changes might not be directly consequential to
> security, the changes to get through some more annoying middleboxes
> might be quite annoying to implement.
>
> E.g. there probably are several different middleboxes that have a
> configuration that actually checks that the handshake looks valid,
> which includes checks for things like ChangeCipherSpec being
> present in both directions, even for resumption; while the
> non-resumption mode might even verify the authentication signatures in
> the handshake and not let the server send non-handshake messages
> before sending its 2nd flight. Ugh, getting around those would be
> pretty nasty.

Fixing the backwards-incompatibilities in the TLS record layer would be terribly useful for streaming-optimized IO layers as well, i.e. ensure that the TLS record properly identifies ContentType, and that a TLSv1.3 handshake ends with CCS followed by 1 Handshake message.

-Martin
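
The check discussed in this thread, done from record headers alone as a streaming IO layer or a middlebox would do it. This is an added example, not code from either poster; it assumes the 5-byte record header and ContentType values of TLS 1.2 (RFC 5246), the function names are hypothetical, and the sample streams are constructed.

```python
import struct

# TLS record ContentType values (RFC 5246, section 6.2.1)
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
KNOWN_TYPES = {CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA}


def record_types(stream: bytes) -> list:
    """Walk one direction of a TLS byte stream, reading only record headers."""
    types, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        if ctype not in KNOWN_TYPES:
            raise ValueError(f"unknown ContentType {ctype}")
        if offset + 5 + length > len(stream):
            raise ValueError("truncated record body")
        types.append(ctype)
        offset += 5 + length  # skip the (possibly encrypted) body unread
    return types


def handshake_end(types):
    """Index of the first post-handshake record if the flight ends with
    CCS followed by exactly one Handshake record, otherwise None."""
    if CHANGE_CIPHER_SPEC not in types:
        return None
    ccs = types.index(CHANGE_CIPHER_SPEC)
    after = types[ccs + 1:]
    if not after or after[0] != HANDSHAKE:
        return None  # CCS not followed by a Handshake record
    if len(after) > 1 and after[1] in (HANDSHAKE, CHANGE_CIPHER_SPEC):
        return None  # more than one Handshake record (or a second CCS)
    return ccs + 2


def rec(ctype: int, body: bytes) -> bytes:
    """Build a constructed sample record with record version 0x0303."""
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body


# Constructed sample streams (bodies are filler bytes, not real handshake data).
GOOD = rec(22, b"\x00" * 4) + rec(20, b"\x01") + rec(22, b"\xaa" * 16) + rec(23, b"\xbb" * 8)
NO_FINISHED = rec(22, b"\x00" * 4) + rec(20, b"\x01") + rec(23, b"\xbb" * 8)
TWO_HANDSHAKE = rec(20, b"\x01") + rec(22, b"\xaa" * 16) + rec(22, b"\xaa" * 16)
```

With a fixed end-of-handshake shape, the IO layer can switch from handshake handling to bulk data at the returned index without decrypting or interpreting any record body.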