Draft-21 says:
"Handshake messages MUST NOT span key changes.  Implementations
 MUST verify that all messages immediately preceding a key change
 align with a record boundary; if not, then they MUST terminate the
 connection with an "unexpected_message" alert.  Because the
 ClientHello, EndOfEarlyData, ServerHello, Finished, and KeyUpdate
 messages can immediately precede a key change, implementations
 MUST send these messages in alignment with a record boundary."

It is not clear to me what "sending messages in alignment with a record 
boundary" means.
Does it mean that each record is either all plaintext or all encrypted with key 
X? And therefore one cannot combine, e.g., ServerHello (plaintext) and 
EncryptedExtensions (encrypted with the handshake traffic key) messages in one 
record?

Thanks,

Andrei
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
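As an added illustration of the record-alignment rule quoted above (example code written for this page; it is not part of Andrei's message, of the draft, or of any TLS implementation): a constructed model of how a sender packs handshake messages into records around a key change, and of the receiver check that the draft requires. The HandshakeType values are the real ones from the draft; the key_id tags, the (key_id, payload) record shape, the in-memory fragmentation and the filler message bodies are this example's own assumptions, and no encryption or record header is modelled.

```python
"""Record-boundary alignment around TLS 1.3 key changes (RFC 8446, 5.1).

Constructed model, not a TLS stack: a handshake message is
type(1) || length(3) || body, and a record is a (key_id, payload) pair where
key_id names the traffic key the record would be protected under
(0 = plaintext, 1 = handshake traffic keys, 2 = application traffic keys).
"""

# Real HandshakeType values from RFC 8446, section 4.
CLIENT_HELLO, SERVER_HELLO, END_OF_EARLY_DATA = 1, 2, 5
ENCRYPTED_EXTENSIONS, CERTIFICATE, CERTIFICATE_VERIFY = 8, 11, 15
FINISHED, KEY_UPDATE = 20, 24

# Messages that can immediately precede a key change in the sender's
# direction (RFC 8446, 5.1); each must end exactly at a record boundary.
KEY_CHANGE_AFTER = {CLIENT_HELLO, END_OF_EARLY_DATA, SERVER_HELLO,
                    FINISHED, KEY_UPDATE}


class UnexpectedMessage(Exception):
    """Stands in for sending an unexpected_message alert and closing."""


def encode_handshake(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def pack_records(messages, max_fragment=16384):
    """Sender side. messages: (msg_type, body, key_id) tuples in send order.

    Consecutive messages under the same key are coalesced into one record and
    long messages are fragmented (both permitted), but a record never mixes
    keys and a message in KEY_CHANGE_AFTER always closes its record.
    Returns a list of (key_id, payload)."""
    records = []
    cur_key, cur = None, b""

    def flush():
        nonlocal cur
        if cur:
            records.append((cur_key, cur))
            cur = b""

    for msg_type, body, key_id in messages:
        if key_id != cur_key:
            flush()          # a record is protected under exactly one key
            cur_key = key_id
        data = encode_handshake(msg_type, body)
        while data:
            room = max_fragment - len(cur)
            cur, data = cur + data[:room], data[room:]
            if len(cur) == max_fragment:
                flush()
        if msg_type in KEY_CHANGE_AFTER:
            flush()          # "send these messages in alignment with a record boundary"
    flush()
    return records


def unpack_records(records):
    """Receiver side. Reassembles handshake messages from (key_id, payload)
    records and applies the two checks from RFC 8446, 5.1: a message must not
    span a key change, and a message that precedes a key change must end at
    the record boundary. Raises UnexpectedMessage on a violation."""
    messages = []
    buf, buf_key = b"", None
    for key_id, payload in records:
        if buf and key_id != buf_key:
            raise UnexpectedMessage("handshake message spans a key change")
        buf, buf_key = buf + payload, key_id
        while len(buf) >= 4:
            msg_type, length = buf[0], int.from_bytes(buf[1:4], "big")
            if len(buf) < 4 + length:
                break        # fragment; the rest arrives in the next record
            body, buf = buf[4:4 + length], buf[4 + length:]
            messages.append((msg_type, body, key_id))
            if msg_type in KEY_CHANGE_AFTER and buf:
                # Bytes after e.g. ServerHello in the same record would have
                # to be under the next key, which one record cannot carry.
                raise UnexpectedMessage(
                    "message preceding a key change is not record-aligned")
    if buf:
        raise ValueError("stream ends inside a handshake message")
    return messages


def receiver_accepts(records):
    try:
        unpack_records(records)
        return True
    except UnexpectedMessage:
        return False


# Constructed server first flight: ServerHello in plaintext, the rest under
# the handshake traffic keys. Bodies are filler, not valid TLS structures.
SERVER_FLIGHT = [
    (SERVER_HELLO, b"\x03\x03" + b"\x11" * 32, 0),
    (ENCRYPTED_EXTENSIONS, b"\x00\x00", 1),
    (CERTIFICATE, b"\x00" * 200, 1),
    (CERTIFICATE_VERIFY, b"\x08\x04" + b"\x22" * 64, 1),
    (FINISHED, b"\x42" * 32, 1),
]

if __name__ == "__main__":
    recs = pack_records(SERVER_FLIGHT)
    print([(k, len(p)) for k, p in recs])   # ServerHello alone, rest under key 1
    print([t for t, _, _ in unpack_records(recs)])
    # ServerHello and EncryptedExtensions packed into one record: rejected.
    ee = encode_handshake(ENCRYPTED_EXTENSIONS, b"\x00\x00")
    print(receiver_accepts([(0, recs[0][1] + ee)]))
```

The sender never needs the receiver's check to pass by luck: flushing on every key_id change is what keeps a record under one key, and the extra flush after a KEY_CHANGE_AFTER message is the draft's sender-side MUST. On the receiver, fragmenting Finished across two records under the same key is accepted, while continuing it under a different key, or appending EncryptedExtensions to the ServerHello record, is rejected with the unexpected_message stand-in.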
