On Mon, Apr 07, 2014 at 11:02:50PM -0700, Edwin Chu wrote: > I am not openssl expert and here is just my observation. > [...]
Thanks for this analysis. Sadly, a variable-sized heartbeat payload was probably necessary, at least for the DTLS case: for PMTU discovery. Once more, a lack of an IDL, standard encoding, and tools, has hurt us. Hand-coded parsers/encoders are disasters waiting to happen. The TLS ad-hoc message syntax and encoding are not even adhered to consistently in all the extensions, so I'm not sure that we could fix this problem now (in TLS 1.3, say). There was a thread on the TLS WG list about this a while back... Fixing this in 1.3 wouldn't fix the implementations. Making tooling available wouldn't either: it's very difficult to retrofit an IDL compiler into a codebase with hand-coded coders -- it's so difficult that it may be easier to build codebase- specific IDL compilers. Plus waiting for tooling would delay other important enhancements. Nico -- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
