Hi,

As TLS 1.3 is being worked on, older work like RFC 6520 and any enhancements 
to it may not be as important.

Also, the TLS heartbeat feature in particular, which has become famous for the 
wrong reasons, is disabled by SSL implementations, e.g. OpenSSL.

I tried to uncover an issue below pertaining to the heartbeat messages here:

https://www.mail-archive.com/openssl-dev@openssl.org/msg47273.html

Experts struggle to find any significant use of this feature for both TLS 
and DTLS.

I am planning to propose enhancements which will include restricted issuance of 
the heartbeat requests (wrt size and frequency) to avoid the exploit mentioned 
in the link above. A stronger standard will trigger bug/vulnerability-free 
implementations.

I would like to know whether enhancements to this RFC are welcome, or is it 
to be abandoned completely?

In other words, is it worth spending time?

Thanks
Jitendra





_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls