Personally I think the negotiation may cause a downgrade security risk,
making PNE not actually work for privacy protection.
The hardware acceleration can support both PNE and plaintext packet numbers.
Maybe we can consider assigning a new port just for plaintext packet
number QUIC/DTLS?
Such as:
port 80: plain text, http
port 443: QUIC with PNE/TLS, by default.
port 886: QUIC with plaintext packet number, only used in specific environments.
port 4433: DTLS with PNE, by default.
port 8866: DTLS with plaintext packet number, only used in specific environments.


Boris Pismenny <[email protected]> wrote on Monday, February 27, 2023 at 17:09:

>
>> Next, I'll start working on a draft.
>>
>
> A first draft can be found here:
>
> https://www.ietf.org/id/draft-pismenny-tls-dtls-plaintext-sequence-number-00.txt
>
> and the source is here:
>
> https://github.com/BorisPis/draft-pismenny-tls-dtls-plaintext-sequence-number
>
> All inputs will be appreciated.
> _______________________________________________
> TLS mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/tls
>