Hi TLS middle-box/middleware folks, If length's MSB in a D?TLS{Ciphertext,Plaintext,Compressed} record is set, how does your software react?
Is it going to drop the session/record or not bothering at all? I'm trying to understand a bit better whether and when it'd be safe to grab that bit and give it new semantics (e.g., for signalling the presence of a DTLS connection-id, an ext-header, or anything else really) and your answers would help shedding some (*) light on the matter. Based on previous experience on similar (but not identical) changes to the record format, Adam ([1], [2]) suggested that this bit is likely to have already ossified in TLS, whereas DTLS might be still OK. So, I'm curious to hear from those who own the boxes' logics if they share the same opinion - in particular if DTLS is in better shape than TLS? Thanks in advance for your time. (*) I'm pretty sure not every TLS middle-box vendor on earth is subscribed to this list and, even among those who are, not everyone might be willing or able to share this information with the wider community. This is to say that I'm aware of the limited value a poll like this has, but I'm not in a position to do a large-scale measurement campaign at the moment, so better start from somewhere... OTOH, I think there is a valuable discussion to be had in cases like this with folks that don't own the endpoints but are going to (or have already) put their logics on the e2e path, so hopefully I'm not wasting everyone's time :-) cheers, t [1] https://www.ietf.org/mail-archive/web/tls/current/msg25299.html [2] https://www.ietf.org/mail-archive/web/tls/current/msg25304.html _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls