I wanted to raise one comment at the IETF session, but we ran out of time: given that TLS is providing integrity and authenticity to the IP address information, shouldn't the protocol require the client to perform the full handshake and only then request information from the server? I.e. make it a post-handshake message, like KeyUpdate, rather than an extension.
I worry that some clients may short-circuit processing and do the handshake only up to EncryptedExtensions, without processing CertificateVerify or Finished (in case of PSK), and as a result expose themselves to MitM attacks.

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
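
The concern raised in the message above, as an added example that is not part of the original message or of any TLS implementation: a client-side gate that keeps data received in EncryptedExtensions unavailable until the server's Finished (and, outside PSK mode, CertificateVerify) has been verified. Message names and their order follow RFC 8446; the class, the `verified` flag (standing in for the real cryptographic check) and the sample address are assumptions.

```python
from enum import Enum, auto

class HS(Enum):
    ENCRYPTED_EXTENSIONS = auto()
    CERTIFICATE = auto()
    CERTIFICATE_VERIFY = auto()
    FINISHED = auto()

class HandshakeError(Exception):
    pass

class ClientHandshakeGate:
    """Hypothetical helper: holds extension data until the server is authenticated."""

    def __init__(self, psk_mode):
        # Server flight after ServerHello (CertificateRequest omitted for brevity).
        self._expected = [HS.ENCRYPTED_EXTENSIONS]
        if not psk_mode:
            self._expected += [HS.CERTIFICATE, HS.CERTIFICATE_VERIFY]
        self._expected.append(HS.FINISHED)
        self._pending = None
        self._authenticated = False

    def on_message(self, msg, payload=None, verified=False):
        # Reject skipped or reordered messages.
        if not self._expected or msg is not self._expected[0]:
            raise HandshakeError(f"unexpected {msg.name}")
        # 'verified' is the result of the signature / MAC check done elsewhere.
        if msg in (HS.CERTIFICATE_VERIFY, HS.FINISHED) and not verified:
            raise HandshakeError(f"{msg.name} failed verification")
        if msg is HS.ENCRYPTED_EXTENSIONS:
            self._pending = payload  # stored, not yet trusted
        self._expected.pop(0)
        self._authenticated = not self._expected

    def extension_data(self):
        # Refuse to release data from a handshake that stopped early.
        if not self._authenticated:
            raise HandshakeError("handshake not complete; data is unauthenticated")
        return self._pending

def run(psk_mode, messages):
    """Feed (message, payload, verified) tuples and return the released data."""
    gate = ClientHandshakeGate(psk_mode)
    for msg, payload, ok in messages:
        gate.on_message(msg, payload, ok)
    return gate.extension_data()
```
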