Max Rottenkolber <m...@mr.gy> writes:

> On Thu, 24 Apr 2014 18:13:35 +0200, Pascal J. Bourguignon wrote:
>
>> a dead process sending fixed or previsible packets
>
> I didn't think of that. So basically you ensure the responding connection
> isn't compromised by exercising the encryption, which is the hardest to
> fake for a malicious attacker. Makes sense... Shame on me! :)
>
> What about a fixed length input though (and maybe answering with a
> digest)? It still seems to me that the specified behavior is overly
> arbitrary/error prone.

The introduction of the protocol says:

    The Heartbeat Extension provides a new protocol for TLS/DTLS allowing
    the usage of keep-alive functionality without performing a
    renegotiation and a basis for path MTU (PMTU) discovery for DTLS.

So the variable size of the packet is used for this latter feature,
discovery of path MTU or PMTU.

-- 
__Pascal Bourguignon__
http://www.informatimago.com/
"The mercury is rising? Time to buy!"