On Fri, May 15, 2020, at 20:29, Thomas Fossati wrote:
> While the specific behaviours might more or less differ, the same
> considerations apply to 1.2. How do we make sure that the message
> doesn't get ignored? Would it be worth drafting this separately to
> cover both versions (+ an explicit "Updates: 6347" label)?

We're already marking TLS 1.2 obsolete with this, so I don't think that labels are going to change. The question is whether it is clear that these limits apply to the use of AEADs in TLS more generally. I think that is clear enough, but I doubt that people will pay any mind unless they are implementing TLS 1.3.

The problem with TLS 1.2 is that there is no option for key updates, unless you count renegotiation, which is often disabled. When I added limits to NSS, all I could reliably do was make the connection terminate if the limit was hit (which is why the limits used are larger than advised in the spec).

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls