On Thu, Nov 07, 2019 at 11:18:28AM +1100, Martin Thomson wrote:
> > Omitting the length field MUST only be used for data which is
> > protected with one of the application_traffic_secret values, and
> > not for messages protected with either [sender]_handshake_traffic_secret
> > or [sender]_early_traffic_secret values. When using an
> > [sender]_application_traffic_secret for message protection,
> > Implementations MAY include the length field at their discretion.
>
> This seems like an unnecessarily strong requirement that I couldn't
> find any discussion about. I do seem to remember some discussion,
> but I couldn't find it.

I actually tried finding rationale for that, and concluded that it was
likely a mistake.

Originally the requirement was not to use short headers with initial
handshake packets. That was sensible back then. However, when unified
headers were introduced, that requirement was changed to prohibition
of omitting length, which does not make much sense to me. And I could
not find any arguments for it.

-Ilari