> Since then, I've seen exactly ZERO rationale why the cleartext contenttype,
> which has existed through SSLv3->TLSv1.2 would be a problem.
Because it's kind of implied in the charter, about making as much private as
possible.
> years), because it is actively being used to signal state of the communication
> channel to the application and to *NOT* break application architecture that
> relies on (new) application data remaining visible on network sockets as
> "network readable" events.
One app's data is another adversary's oracle. Or is it that "signals have no
morals"?
/r$
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: [email protected] Twitter: RichSalz
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
