On Mon, Aug 18, 2014 at 10:10:51AM +0100, t.p. wrote:
> Is there an attack based on the TLS Heartbeat, and if so, should it be
> included?
I don't think so, unless the extension is badly misimplemented
("heartbleed" in OpenSSL). The extension itself has sufficient checks
(in fact, bit stricter than "common sense" ones, which would also have
been sufficient).
Now, the heartbeat extension might not be designed well, but that is
different issue.
-Ilari
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
