On Tue, Mar 21, 2017 at 5:44 PM, Martin Thomson <martin.thom...@gmail.com> wrote:
> On 22 March 2017 at 11:09, Eric Rescorla <e...@rtfm.com> wrote:
> > Couldn't you just use the maximum expansion you support (which
> > ought to be 16 for TLS 1.3).
>
> That leads to the same problem that we're trying to avoid, namely that
> your usable space goes through the floor.

I'm not quite sure I'm following. In the extension we say "You can send up to X bytes" and X can either be expressed in plaintext or ciphertext bytes. If we express it in ciphertext, then senders can totally safely marshall up to X - E_max bytes of plaintext where E_max is the maximum expansion of any cipher suite they support. The maximum amount of wastage in this case is E_max - E_min where E_min is the minimum amount of expansion of any cipher suite they support. If E_min == E_max, then this is fine (because you can just advertise X + E_max to hit a target of X).

What am I missing?

-Ekr

> >> When compression is enabled, I can't imagine
> >> what it would do.
> >
> > I feel like we could ignore this, and just say "don't do compression"
>
> Already done, in the spec. But not the code :(
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls