On Thu, Jan 5, 2023 at 9:37 AM Eric Rescorla <[email protected]> wrote:
...

> On Wed, 4 Jan 2023 at 17:10, Eric Rescorla <[email protected]> wrote:
>> > When would this actually happen?
>>
>> Assuming this could happen, then the RFC should surely mention the
>> possibility, and perhaps be reworked to avoid raising an error.
>>
>
> Perhaps?
>
> This has been a feature of DTLS (and in fact TLS) since the very beginning
> and I have not seen it cause significant confusion in the wild.
>
> -Ekr
>

If I understand correctly, the issue here is a difference between DTLS and
"Datagram cTLS".  In DTLS, the syntax allows a client to parse handshake
messages from the server and discover that the message is actually a
ClientHello.  I don't know that this is a good idea, or actually
implemented anywhere, or even formally "allowed", but it's at least
syntactically possible.

In Datagram cTLS (as of -07), this is not possible.  The parsing of
handshake messages depends on prior knowledge of who is the client and who
is the server.  This is because CTLSServerPlaintext and CTLSClientPlaintext
are different structs, but they use the same ContentType.

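Added example, not part of the original messages or of the cTLS draft: a role-driven record parser illustrating the last point above, that two structs sharing one ContentType can only be told apart by already knowing who sent the record. The field layout (one-byte ContentType, a client-only `profile_id`, then a length-prefixed fragment), the ContentType value and all function names are simplifying assumptions, not the draft's wire format.

```python
import struct

CTLS_HANDSHAKE = 0xFA  # assumed ContentType value, shared by both structs

def parse_record(data: bytes, sender: str) -> dict:
    """Parse one record; `sender` ("client" or "server") selects the struct."""
    if sender not in ("client", "server"):
        raise ValueError("sender role must be known before parsing")
    if len(data) < 1 or data[0] != CTLS_HANDSHAKE:
        raise ValueError("unexpected ContentType")
    pos, out = 1, {"sender": sender}
    if sender == "client":
        # Assumed CTLSClientPlaintext: profile_id<0..2^8-1> precedes the fragment.
        if pos >= len(data):
            raise ValueError("truncated profile_id length")
        plen = data[pos]
        pos += 1
        if pos + plen > len(data):
            raise ValueError("truncated profile_id")
        out["profile_id"] = data[pos:pos + plen]
        pos += plen
    # fragment<0..2^16-1> is present in both assumed structs.
    if pos + 2 > len(data):
        raise ValueError("truncated fragment length")
    (flen,) = struct.unpack_from("!H", data, pos)
    pos += 2
    if pos + flen != len(data):
        raise ValueError("fragment length does not match record size")
    out["fragment"] = data[pos:pos + flen]
    return out

def build_client_record(profile_id: bytes, fragment: bytes) -> bytes:
    """Serialize the assumed client struct."""
    return (bytes([CTLS_HANDSHAKE, len(profile_id)]) + profile_id
            + struct.pack("!H", len(fragment)) + fragment)

def ambiguous_record() -> bytes:
    """Constructed sample: a client record that also parses as a server record.

    With a 1-byte profile_id of 0x00, the server struct reads the bytes
    (0x01, 0x00) as fragment length 0x0100, and the sizes are chosen to fit.
    """
    profile = b"\x00"
    server_len = 0x0100
    frag_len = server_len - 1 - len(profile)  # 254
    return build_client_record(profile, b"A" * frag_len)
```

Most client records fail to parse under the wrong role, but `ambiguous_record()` parses cleanly under both and yields different fragments, so nothing in the bytes themselves tells a receiver which struct it is looking at.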