Hi Ekr,
As for EtM (Encrypt-then-MAC):

    struct {
        uint8 marker = tls12_cid;
        uint8 cid_len;
        uint8 content_type = tls12_cid;    \
        uint16 DTLSCiphertext.version;     |  appears on wire
        uint64 seq_num; // includes epoch  |
        opaque cid[cid_len];               /
        uint16 iv_length;
        opaque IV[iv_length];
        uint16 enc_content_length;
        opaque enc_content[enc_content_length];
    };

I failed to understand the reasons behind this proposal.

1. Why should the "marker" be added, if the "content_type" is already in the MAC, and this special MAC is only applied for tls12_cid records? What is the intended benefit of that?

2. Why should a "uint16 iv_length" be added?
2.a If it should be added, why as "uint16" instead of "uint8"?
2.b If it should be added, why in the middle? It's not on the wire and so I would assume, if at all, to have that at the beginning.

best regards
Achim Kraus
