On Mon, Jan 21, 2019, at 19:03, Nikos Mavrogiannopoulos wrote:
> I do not think that 64 is not hard to implement, but I think it is very
> hard to implement it in a way that it is efficient.
Totally agree. There's like a curve for performance with an asymptote as records get bigger and a steep incline as records get smaller. I picked 64, not because it is good - it's clearly terrible for performance - but because it was a power of 2 that was enough bigger than the handshake overhead that you couldn't configure a connection that was guaranteed to be unusable. 32 might have been enough, but it's pretty ludicrous, especially in DTLS. I didn't want to make this a performance consideration. Clearly 128 is much better than 64 performance-wise, but then 256 is better again. Where on that curve your preference lies will depend on your constraints.

In the end, if a peer wants 64 and that would degrade performance too much for you, then you have a choice: don't negotiate the extension, or - for clients that don't get this choice - don't communicate with that peer.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
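The "curve" described in the reply above can be made concrete by counting bytes. The following is an added example and is not code from the thread or from any TLS implementation. It assumes TLS 1.3 record framing (5-byte record header, a 16-byte AEAD tag for the AES-GCM and ChaCha20-Poly1305 suites, and the inner content type byte that RFC 8449 counts against the record_size_limit value) and the RFC 8449 bounds (minimum 64, maximum 2^14+1 for TLS 1.3). The function names and the constructed 100 KB payload size are illustrative choices, not anything from the post.

```python
import math

# Assumed TLS 1.3 framing constants (RFC 8446); DTLS headers are larger,
# which only makes small limits worse.
RECORD_HEADER_LEN = 5    # content type (opaque), legacy version, length
AEAD_TAG_LEN = 16        # AES-GCM / ChaCha20-Poly1305 authentication tag
CONTENT_TYPE_LEN = 1     # inner content type byte, counted against the limit
MIN_LIMIT = 64           # RFC 8449 minimum record_size_limit
MAX_LIMIT_TLS13 = 2**14 + 1  # RFC 8449 maximum for TLS 1.3


def check_limit(limit: int) -> None:
    """Reject limits a conforming TLS 1.3 peer must not send."""
    if not MIN_LIMIT <= limit <= MAX_LIMIT_TLS13:
        raise ValueError(f"record_size_limit {limit} outside [{MIN_LIMIT}, {MAX_LIMIT_TLS13}]")


def app_bytes_per_record(limit: int) -> int:
    """Application data a full record can carry under this limit."""
    check_limit(limit)
    return limit - CONTENT_TYPE_LEN


def wire_bytes_per_record(limit: int) -> int:
    """Bytes on the wire for a full record: header + plaintext + tag."""
    check_limit(limit)
    return RECORD_HEADER_LEN + limit + AEAD_TAG_LEN


def efficiency(limit: int) -> float:
    """Fraction of wire bytes that are application data for full records."""
    return app_bytes_per_record(limit) / wire_bytes_per_record(limit)


def records_for(payload_len: int, limit: int) -> tuple[int, int]:
    """Return (record count, total wire bytes) to send payload_len bytes.

    The last record is short and carries only the remaining bytes, so its
    per-record overhead is charged once like every other record.
    """
    per_record = app_bytes_per_record(limit)
    records = math.ceil(payload_len / per_record)
    overhead = RECORD_HEADER_LEN + CONTENT_TYPE_LEN + AEAD_TAG_LEN
    return records, payload_len + records * overhead


def efficiency_curve(limits) -> dict[int, float]:
    """Tabulate efficiency for a set of limits to show the asymptote."""
    return {limit: efficiency(limit) for limit in limits}


if __name__ == "__main__":
    # Constructed example: a 100 KB response under several negotiated limits.
    payload = 100_000
    for limit in (64, 128, 256, 1024, 4096, MAX_LIMIT_TLS13):
        records, wire = records_for(payload, limit)
        print(f"limit={limit:6d} efficiency={efficiency(limit):.3f} "
              f"records={records:5d} wire_bytes={wire}")
```

At a limit of 64 only about 74% of each full record is application data and a 100 KB response needs nearly 1,600 records; at 256 the figure is about 92%, and at the TLS 1.3 maximum it is above 99.8%, which is the asymptote the reply refers to. The per-record constant cost is the same at every point on the curve, so the only lever is how many records a given limit forces.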