Watson Ladd <watsonbl...@gmail.com> writes: >miTLS did not claim to be consistent with the RFC. Rather it claimed to be >secure, and to interoperate with most other implementations in circumstances >tested. The informal nature of the RFC makes it impossible to carry out >formal verification against it.
By that argument, you could start accepting SSH messages in the middle of the TLS handshake. No matter how you colour it, accepting Application Data after a Client Hello is wrong. Is there any random, non-formally-verified implementation that would do that? Peter. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls