On Thursday, 21 November 2019 07:35:09 CET, Rob Sayre wrote:
On Wed, Nov 20, 2019 at 10:25 PM David Schinazi <dschinazi.i...@gmail.com>
wrote:
Hi Rob,
The SHOULD from your point (1) is there to address Daniel's concern about
IoT.
Is the idea that excess tickets would be wasteful? I think that's true, but
I would also not want an IoT device that crashed or performed
unnecessarily-poorly while processing excess tickets.
an IoT device that can be crashed by server just sending valid and expected
messages is horribly broken
if it can't handle such messages, I seriously doubt it would handle
messages
from an actual attacker (which, need I remind, MUST be handled correctly
and
result in orderly connection shutdown, one that hopefully includes Alert
messages)
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
