> Omitting the length field MUST only be used for data which is protected with
> one of the application_traffic_secret values, and not for messages protected
> with either [sender]_handshake_traffic_secret or
> [sender]_early_traffic_secret values. When using an
> [sender]_application_traffic_secret for message protection, Implementations
> MAY include the length field at their discretion.

This seems like an unnecessarily strong requirement that I couldn't find any discussion about. I do seem to remember some discussion, but I couldn't find it. QUIC says something different: any packet without a length has to go at the end of the datagram. Why does DTLS not say the same? (QUIC also says something about mixing packets from different connections in the same datagram: don't. That's probably an addition worth including.)
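
An added illustration, not part of the original message or of the draft text: how a receiver splits one datagram into records when the length field may be omitted, and why a length-less record can only come last. It assumes the unified header layout published in RFC 9147 (first byte 001CSLEE), which may differ from the draft revision under discussion; `split_records`, `cid_len` and the sample records are hypothetical names and constructed values.

```python
from typing import List, Tuple

# Unified header first byte, RFC 9147 layout (assumed): 0 0 1 C S L E E
FIXED_MASK, FIXED_BITS = 0xE0, 0x20
C_BIT, S_BIT, L_BIT = 0x10, 0x08, 0x04


def split_records(datagram: bytes, cid_len: int = 0) -> List[Tuple[bool, bytes]]:
    """Return (has_length, record_bytes) for each record in one datagram.

    A record that omits the length field runs to the end of the datagram,
    so any record placed after it cannot be found by the receiver.
    """
    records, pos = [], 0
    while pos < len(datagram):
        first = datagram[pos]
        if first & FIXED_MASK != FIXED_BITS:
            raise ValueError(f"offset {pos}: not a unified header")
        hdr = 1 + (cid_len if first & C_BIT else 0)
        hdr += 2 if first & S_BIT else 1          # 16-bit or 8-bit sequence number
        if first & L_BIT:
            if pos + hdr + 2 > len(datagram):
                raise ValueError(f"offset {pos}: truncated length field")
            length = int.from_bytes(datagram[pos + hdr:pos + hdr + 2], "big")
            end = pos + hdr + 2 + length
            if end > len(datagram):
                raise ValueError(f"offset {pos}: length exceeds datagram")
        else:
            if pos + hdr > len(datagram):
                raise ValueError(f"offset {pos}: truncated header")
            end = len(datagram)                   # no length: take everything left
        records.append((bool(first & L_BIT), datagram[pos:end]))
        pos = end
    return records


# Constructed sample records (payload bytes are filler, not real ciphertext).
REC_WITH_LEN = bytes([0x2F, 0x00, 0x01, 0x00, 0x04]) + b"\xaa" * 4  # S=1, L=1
REC_NO_LEN = bytes([0x2B, 0x00, 0x02]) + b"\xbb" * 4                # S=1, L=0

if __name__ == "__main__":
    # Length-less record last: both records are recovered.
    print(split_records(REC_WITH_LEN + REC_NO_LEN))
    # Length-less record first: it swallows the record behind it.
    print(split_records(REC_NO_LEN + REC_WITH_LEN))
```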