On Fri, Jan 6, 2023 at 9:28 AM Kristijan Sedlak <[email protected]> wrote:
> > If I understand correctly, the issue here is a difference between DTLS > and > > "Datagram cTLS". In DTLS, the syntax allows a client to parse handshake > > messages from the server and discover that the message is actually a > > ClientHello. I don't know that this is a good idea, or actually > > implemented anywhere, or even formally "allowed", but it's at least > > syntactically possible. > > Yes. > > > In Datagram cTLS (as of -07), this is not possible. The parsing of > > handshake messages depends on prior knowledge of who is the client and > who > > is the server. This is because CTLSServerPlaintext and > CTLSClientPlaintext > > are different structs, but they use the same ContentType. > > OK, "prior knowledge" explains everything :). I assumed all structures > should be parsed as unique objects. > > RFC9146 and RFC9147 somehow confused me and made me think that by using > CIDs it's allowed to reuse sockets A and B and then handle multiple > connections through a single path. In that case you would have clients and > servers on both sides. Inputs from this thread suggest that CIDs are meant > for "NAT rebinding" purpuse only. > Hmm, no, I don't think that's quite true. A server can serve multiple clients on the same 4-tuple using the CID. It's just that it will not generally act as a client. -Ekr > -Kristijan > >
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
