Ok, thanks. This is close to my sense of it. Actually, I wasn't aware of the
the TLS 1.3 draft now explicitly addresses this in the Presentation Language
"Peers which receive a message which cannot be parsed according to the
(e.g., have a length extending beyond the message boundary or contain an
length) MUST terminate the connection with a "decoding_error" alert."
>>> Martin Thomson <martin.thom...@gmail.com> 09/21/16 9:25 AM >>>
On 21 September 2016 at 17:21, Andreas Walz
> Do you see any argument why ignoring such trailing data would be acceptable
> (or even desirable)?
Well, we exploited that to add extensions to the protocol once, so I
won't categorically rule it out, but in the case of
supported_groups/supported_curves, no good can come of ignoring
rubbish. Of course, it's hard to point to this being harmful as well
TLS mailing list
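
As an added illustration that is not part of either message in this thread: a strict Python parser for supported_groups extension data that treats both cases under discussion (trailing bytes after the list, and a length reaching past the boundary) as decode failures. The function names and sample bytes are constructed for this example; the layout assumed is a uint16 byte length followed by uint16 group identifiers.

```python
import struct


class DecodeError(ValueError):
    """Parse failure; a TLS stack would send the alert quoted above and close."""


def parse_supported_groups(ext_data: bytes) -> list[int]:
    """Strictly parse extension data: uint16 byte length, then uint16 group ids."""
    if len(ext_data) < 2:
        raise DecodeError("truncated length field")
    (list_len,) = struct.unpack_from("!H", ext_data, 0)
    body = ext_data[2:]
    if list_len > len(body):
        raise DecodeError("length extends beyond the message boundary")
    if list_len < len(body):
        # The case asked about in the thread: bytes left over after the list.
        raise DecodeError("trailing data after the group list")
    if list_len == 0 or list_len % 2:
        raise DecodeError("out-of-range length for a list of uint16 values")
    return [g for (g,) in struct.iter_unpack("!H", body)]


def classify(ext_data: bytes) -> str:
    """Return a one-line verdict suitable for a log or a fuzzing harness."""
    try:
        groups = parse_supported_groups(ext_data)
    except DecodeError as exc:
        return f"reject: {exc}"
    return "accept: " + ",".join(f"0x{g:04x}" for g in groups)


# Constructed sample inputs (0x0017 = secp256r1, 0x001d = x25519).
SAMPLES = {
    "well_formed": bytes.fromhex("0004" "0017" "001d"),
    "trailing": bytes.fromhex("0004" "0017" "001d" "dead"),
    "overlong": bytes.fromhex("0006" "0017" "001d"),
    "odd": bytes.fromhex("0003" "0017" "00"),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12s} {classify(data)}")
```
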