Daniel Kahn Gillmor wrote:
> On Thu 2016-06-16 11:26:14 -0400, Hubert Kario wrote:
>> wasn't that rejected because it breaks boxes that do passive monitoring
>> of connections? (and so expect TLS packets on specific ports, killing
>> connection if they don't look like TLS packets)
>
> We're talking about the possibility of changing the TLS record framing
> anyway, which would kill the simplest of those boxes. One theory is if
> you're going to make such a break, you might as well pull the band aid
> off in one fell swoop.

While I dislike monitoring boxes and hate intercepting proxies,
changing of the TLS record framing (and hiding the ContentType)
is going to break _the_endpoints_. If TLSv1.3 does that, its adoption
curve will make IPv6 adoption appear fast by comparison.

Please stop messing with the TLS record format.

-Martin