Serious question: Is there any valid use case for heartbeats in TLS or DTLS? (With valid use case I mean something like "I use it for this system", not answers like "you could use it for xy")
I asked this question in the heartbleed aftermath a couple of times and never got any reasonable answer. I have the feeling the only reason this extension exists is that someone needed a topic for his thesis. If this extension isn't used then I think it shouldn't be fixed. It should be removed. I think complexity is responsible for a large chunk of the problems TLS has these days, therefore everything that can be removed should be. -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42
pgp_1NF_v2fSl.pgp
Description: OpenPGP digital signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev