PR #148 in the DTLS 1.3 draft (https://github.com/tlswg/dtls13-spec/pull/148) proposes banning implicit CIDs. This comes at an obvious cost in terms of bytes on the wire. However, in discussions on a parallel thread [1 and related], it's noted that this removes header malleability.
Given that we don't have backing analysis suggesting that malleability (with the other AAD properties) is safe*, the chairs propose merging this PR as-is. To that end, please respond to the list by May 28, 2020, indicating whether or not you support this PR. Thanks, Chris, on behalf of the chairs *One proposal to address this is by extending the AAD to include the pseudo-header. However, the chairs feel this is an unnecessary divergence from QUIC. [1] https://mailarchive.ietf.org/arch/msg/tls/kFnlBW-TmlArcU0lD9UQdf_1t_o/ _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
