Tim Shepard <[email protected]> writes:

> It seems to me you have a choice of what sort of TLV encoding to use
> at this point. Is there any good reason not to use the same sort of
> TLV scheme that TLS uses today, so that at least as far as the TLV
> framing protocol the two proposals would be the same?

As far as I understand, TLS MACs then encrypts the data.  (Apologies if
I've misread RFC5246.)  The best current practice is to encrypt then MAC
the ciphertext.  Since there's no need to be compatible, we might as
well use the best practices as of 2015.  See, e.g.:
http://cseweb.ucsd.edu/~mihir/papers/oem.pdf

David

_______________________________________________
Tcpinc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tcpinc
