> On 6 Dec 2015, at 4:44 AM, Watson Ladd <[email protected]> wrote:
>
> If you disagree, please cite the sentence of the TLS
> RFC which prohibits accepting application data records during the
> handshake.
OK, I’ll bite. Top of page 36:
Client Server
ClientHello -------->
ServerHello
Certificate*
ServerKeyExchange*
CertificateRequest*
<-------- ServerHelloDone
Certificate*
ClientKeyExchange
CertificateVerify*
[ChangeCipherSpec]
Finished -------->
[ChangeCipherSpec]
<-------- Finished
Application Data <-------> Application Data
Figure 1. Message flow for a full handshake
See? Application data goes *after* the Finished message. Not between
ClientHello and anything else. Now this swim track diagram may not look like a
formal definition, but RFCs are written to be processed by humans, not
computers. If I add some application data in the middle there like this:
Client Server
ClientHello -------->
ServerHello
Certificate*
ServerKeyExchange*
CertificateRequest*
<-------- ServerHelloDone
Application Data
ClientKeyExchange
CertificateVerify*
[ChangeCipherSpec]
Finished -------->
[ChangeCipherSpec]
<-------- Finished
Application Data <-------> Application Data
Any human can see that this is not the same as what’s in Figure 1, and thus is
wrong. We don’t need the RFC to provide a regular expression or a state machine
diagram to figure that out.
Yoav
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
