> If I understand correctly, the issue here is a difference between DTLS and
> "Datagram cTLS".  In DTLS, the syntax allows a client to parse handshake
> messages from the server and discover that the message is actually a
> ClientHello.  I don't know that this is a good idea, or actually
> implemented anywhere, or even formally "allowed", but it's at least
> syntactically possible.

Yes.

> In Datagram cTLS (as of -07), this is not possible.  The parsing of
> handshake messages depends on prior knowledge of who is the client and who
> is the server.  This is because CTLSServerPlaintext and CTLSClientPlaintext
> are different structs, but they use the same ContentType.

OK, "prior knowledge" explains everything :). I assumed all structures should 
be parsed as unique objects.

RFC9146 and RFC9147 somehow confused me and made me think that by using CIDs
it's allowed to reuse sockets A and B and then handle multiple connections
through a single path. In that case you would have clients and servers on both
sides. Inputs from this thread suggest that CIDs are meant for "NAT rebinding"
purposes only.

-Kristijan

_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
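The DTLS property the quoted reply contrasts with Datagram cTLS, that the handshake type is readable from the wire bytes without knowing which side you are, can be shown with a small parser. The following is an added example, not code from this thread or from any IETF draft; it assumes DTLS 1.2 plaintext record framing (RFC 6347) and epoch-0 handshake records, and the sample ClientHello and ServerHello bodies are constructed here, not captured traffic. Function names are my own.

```python
import struct

# DTLS 1.2 record layer and handshake constants (RFC 6347 / RFC 5246)
CONTENT_TYPE_HANDSHAKE = 22
DTLS12_VERSION = 0xFEFD  # DTLS versions are 1's-complement encoded
RECORD_HEADER_LEN = 13
HANDSHAKE_HEADER_LEN = 12
HANDSHAKE_TYPE_NAMES = {1: "client_hello", 2: "server_hello",
                        3: "hello_verify_request", 11: "certificate",
                        14: "server_hello_done", 16: "client_key_exchange",
                        20: "finished"}


def parse_record(buf, offset=0):
    """Parse one DTLS 1.2 record at `offset`; return (record, next_offset)."""
    if len(buf) - offset < RECORD_HEADER_LEN:
        raise ValueError("truncated DTLS record header")
    ctype, version, epoch = struct.unpack_from("!BHH", buf, offset)
    seq = int.from_bytes(buf[offset + 5:offset + 11], "big")
    (length,) = struct.unpack_from("!H", buf, offset + 11)
    start = offset + RECORD_HEADER_LEN
    fragment = buf[start:start + length]
    if len(fragment) != length:
        raise ValueError("record length exceeds datagram")
    return {"content_type": ctype, "version": version, "epoch": epoch,
            "sequence_number": seq, "fragment": fragment}, start + length


def parse_handshake_header(fragment):
    """Parse the 12-byte DTLS handshake header (RFC 6347 section 4.2.2)."""
    if len(fragment) < HANDSHAKE_HEADER_LEN:
        raise ValueError("truncated handshake header")
    msg_type = fragment[0]
    total_length = int.from_bytes(fragment[1:4], "big")
    message_seq = int.from_bytes(fragment[4:6], "big")
    fragment_offset = int.from_bytes(fragment[6:9], "big")
    fragment_length = int.from_bytes(fragment[9:12], "big")
    if fragment_offset + fragment_length > total_length:
        raise ValueError("fragment extends past message length")
    body = fragment[HANDSHAKE_HEADER_LEN:HANDSHAKE_HEADER_LEN + fragment_length]
    if len(body) != fragment_length:
        raise ValueError("fragment_length exceeds record fragment")
    return {"msg_type": msg_type,
            "msg_name": HANDSHAKE_TYPE_NAMES.get(msg_type, "unknown(%d)" % msg_type),
            "length": total_length, "message_seq": message_seq,
            "fragment_offset": fragment_offset, "body": body}


def handshake_types_in_datagram(datagram):
    """Name every handshake message in a datagram; no client/server role needed."""
    names, offset = [], 0
    while offset < len(datagram):
        record, offset = parse_record(datagram, offset)
        if record["content_type"] != CONTENT_TYPE_HANDSHAKE:
            continue
        if record["epoch"] != 0:  # only epoch-0 handshake records are plaintext
            names.append("encrypted_handshake")
            continue
        names.append(parse_handshake_header(record["fragment"])["msg_name"])
    return names


def build_record(content_type, epoch, seq, fragment):
    """Encode a DTLS 1.2 record (used here only to construct sample input)."""
    return (struct.pack("!BHH", content_type, DTLS12_VERSION, epoch)
            + seq.to_bytes(6, "big") + struct.pack("!H", len(fragment)) + fragment)


def build_handshake(msg_type, message_seq, body):
    """Encode an unfragmented DTLS handshake message (fragment_offset 0)."""
    n = len(body).to_bytes(3, "big")
    return bytes([msg_type]) + n + message_seq.to_bytes(2, "big") + bytes(3) + n + body


# Constructed sample bodies (not captured traffic): minimal DTLS 1.2 ClientHello
# and ServerHello with a fixed 32-byte random, one cipher suite, no extensions.
_RANDOM = bytes(range(32))
CLIENT_HELLO_BODY = (struct.pack("!H", DTLS12_VERSION) + _RANDOM
                     + b"\x00"              # session_id length
                     + b"\x00"              # cookie length
                     + b"\x00\x02\xc0\x2b"  # cipher_suites: one suite
                     + b"\x01\x00"          # compression: null only
                     + b"\x00\x00")         # no extensions
SERVER_HELLO_BODY = (struct.pack("!H", DTLS12_VERSION) + _RANDOM
                     + b"\x00"              # session_id length
                     + b"\xc0\x2b"          # chosen cipher suite
                     + b"\x00"              # null compression
                     + b"\x00\x00")         # no extensions

CLIENT_HELLO_DATAGRAM = build_record(
    CONTENT_TYPE_HANDSHAKE, 0, 0, build_handshake(1, 0, CLIENT_HELLO_BODY))
SERVER_HELLO_DATAGRAM = build_record(
    CONTENT_TYPE_HANDSHAKE, 0, 0, build_handshake(2, 0, SERVER_HELLO_BODY))

if __name__ == "__main__":
    # The same function serves either endpoint; no role argument is needed.
    print(handshake_types_in_datagram(CLIENT_HELLO_DATAGRAM))
    print(handshake_types_in_datagram(SERVER_HELLO_DATAGRAM))
    print(handshake_types_in_datagram(CLIENT_HELLO_DATAGRAM + SERVER_HELLO_DATAGRAM))
```

The point of the example is that `handshake_types_in_datagram` takes no role argument: the ContentType and the handshake msg_type are both on the wire, so a DTLS client that receives a ClientHello can recognise it as such. A Datagram cTLS parser, as the quoted reply describes for -07, would need the role before it could even choose which struct to decode. Note that this covers only epoch-0 (plaintext) records; once records are encrypted the handshake type is inside the protected payload, and for DTLS 1.3 (RFC 9147) the encrypted-record header is a different, unified format that this parser does not attempt.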
