I think Connection ID is an important enabler for end-to-end security with 
(D)TLS. There seem to be important use cases for connection ID in TLS as well, 
see https://www.ietf.org/mailman/listinfo/atlas. At the Monday afternoon TLS 
session, it was stated that Connection ID in TLS was undeployable in the wild 
due to middleboxes. Couldn't that be solved by placing the cid field after the 
length field? E.g.

   struct {
      ContentType opaque_type = application_data; /* 23 */
      ProtocolVersion legacy_record_version = 0x0303; /* TLS v1.2 */
      uint16 length;
      opaque cid[cid_length];               // New field
      opaque encrypted_record[TLSCiphertext.length];
   } TLSCiphertext;

   length  The sum of cid_length and TLSCiphertext.length

(Also draft-ietf-tls-dtls-connection-id-00 says obsoletes RFC6347, should be 
updates).

Cheers,
John

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
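The record layout proposed in the message above, as an added example that is not code from the post or from the draft. It assumes cid_length is known to the receiving endpoint out of band, that the 5-byte header (type, version, length) is unchanged, and it shows why a cid-unaware middlebox can still frame the records while only the endpoint splits off the cid.

```python
"""Parser/builder for the proposed TLSCiphertext layout with cid after length.
Added example; cid_length is assumed to be negotiated out of band."""
import struct

APPLICATION_DATA = 23      # opaque_type
LEGACY_VERSION = 0x0303    # legacy_record_version
HEADER_LEN = 5             # type(1) + version(2) + length(2)
MAX_LENGTH = 2**14 + 256   # TLS 1.3 ciphertext bound, RFC 8446 section 5.2


def build_record(cid: bytes, encrypted_record: bytes) -> bytes:
    """length is the sum of cid_length and TLSCiphertext.length, as proposed."""
    length = len(cid) + len(encrypted_record)
    if length > MAX_LENGTH:
        raise ValueError("record too long")
    header = struct.pack("!BHH", APPLICATION_DATA, LEGACY_VERSION, length)
    return header + cid + encrypted_record


def frame_records(stream: bytes) -> list:
    """What a cid-unaware middlebox does: split on the standard 5-byte header.
    It never needs to know cid_length because length already covers the cid."""
    records, off = [], 0
    while off + HEADER_LEN <= len(stream):
        _, _, length = struct.unpack_from("!BHH", stream, off)
        end = off + HEADER_LEN + length
        if end > len(stream):
            break  # incomplete record; wait for more bytes
        records.append(stream[off:end])
        off = end
    return records


def parse_record(record: bytes, cid_length: int) -> dict:
    """What the cid-aware endpoint does: validate the header, then split the
    body into cid and encrypted_record. Rejects a length shorter than cid_length."""
    if len(record) < HEADER_LEN:
        raise ValueError("short header")
    ctype, version, length = struct.unpack_from("!BHH", record, 0)
    if ctype != APPLICATION_DATA or version != LEGACY_VERSION:
        raise ValueError("unexpected record header")
    if length < cid_length:
        raise ValueError("length smaller than cid_length")
    if len(record) != HEADER_LEN + length:
        raise ValueError("truncated record or trailing bytes")
    body = record[HEADER_LEN:]
    return {"cid": body[:cid_length], "encrypted_record": body[cid_length:]}
```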