Hi Nikos,

On 13/10/2017, 07:21, "TLS on behalf of Nikos Mavrogiannopoulos" 
<tls-boun...@ietf.org on behalf of n...@redhat.com> wrote:
> Another worrying feature is that the client can make the server send
> up to 255 verbatim bytes on the wire of his choice. Why was this
> feature added? Are there use cases related to it (intro doesn't
> mention any), or was it only thought of as a
> make-it-as-generic-as-possible approach? If it is the latter, I'd
> recommend to provide a simple approach that covers the described use
> cases.
> 
> The same argument applies to the server being able to set such a long
> sequence of verbatim bytes to each of the client packets.

I'd like to get a better understanding of your concern here.

Is it size?

Or is it that it creates a potential sub-channel for sending identifying
information?

If the latter, it doesn't look much different from Random (except it's
larger)?  And then it gets hashed in the finished message, so, the room
for a third party to fiddle with it seems really limited.

Exactly, what risk do you foresee?

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls