Max Rottenkolber max@mr.gy writes:
On Thu, 24 Apr 2014 18:13:35 +0200, Pascal J. Bourguignon wrote:
> a dead process sending fixed or previsible packets
I didn't think of that. So basically you ensure the responding connection isn't compromised by exercising the encryption, which is the hardest to fake for a malicious attacker. Makes sense... Shame on me! :)
What about a fixed-length input though (and maybe answering with a digest)? It still seems to me that the specified behavior is overly arbitrary/error-prone.
The introduction of the protocol says:
The Heartbeat Extension provides a new protocol for TLS/DTLS allowing the usage of keep-alive functionality without performing a renegotiation and a basis for path MTU (PMTU) discovery for DTLS.
So the variable size of the packet is used for the latter feature, discovery of the path MTU (PMTU).
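As an added illustration of the two points raised in this exchange (the responder must echo an unpredictable payload chosen by the requester, and the variable message size exists so a DTLS peer can probe the path MTU), here is a small encoder/decoder for the HeartbeatMessage layout of RFC 6520: one byte of type, a two-byte big-endian payload_length, the payload, then at least 16 bytes of random padding. This is example code written for this note, not code from OpenSSL or from anyone in the thread; the function names, the `pmtu_probe` helper and the way `verify_response` is used are assumptions for the demonstration. The receiver-side length check (discard a message whose payload_length exceeds what the message actually carries) is the check the RFC requires, and it is what a correct implementation must enforce before copying the payload into a response.

```python
import os
import struct

# HeartbeatMessageType values from RFC 6520.
HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16          # RFC 6520: padding is at least 16 bytes
MAX_MESSAGE = 2 ** 14     # total message must not exceed 2^14 bytes (or max_fragment_length)
HEADER_LEN = 3            # type (1) + payload_length (2)


def build_heartbeat(msg_type: int, payload: bytes, padding_len: int = MIN_PADDING) -> bytes:
    """Encode a HeartbeatMessage with random padding."""
    if msg_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        raise ValueError("unknown heartbeat type")
    if padding_len < MIN_PADDING:
        raise ValueError("padding must be at least 16 bytes")
    if HEADER_LEN + len(payload) + padding_len > MAX_MESSAGE:
        raise ValueError("heartbeat message too long")
    return struct.pack("!BH", msg_type, len(payload)) + payload + os.urandom(padding_len)


def parse_heartbeat(msg: bytes):
    """Decode a HeartbeatMessage, enforcing the RFC 6520 length rule.

    If payload_length > len(msg) - 3 - 16 the message must be discarded;
    a receiver that trusts payload_length instead of the real length would
    copy bytes it never received.
    """
    if len(msg) < HEADER_LEN + MIN_PADDING:
        raise ValueError("message too short to be a heartbeat")
    msg_type, payload_length = struct.unpack("!BH", msg[:HEADER_LEN])
    if msg_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        raise ValueError("unknown heartbeat type")
    if payload_length > len(msg) - HEADER_LEN - MIN_PADDING:
        raise ValueError("payload_length exceeds message length: discard")
    payload = msg[HEADER_LEN:HEADER_LEN + payload_length]
    padding = msg[HEADER_LEN + payload_length:]   # must be ignored by the receiver
    return msg_type, payload, padding


def respond(request: bytes) -> bytes:
    """Responder side: echo the request payload in a HeartbeatResponse with fresh padding."""
    msg_type, payload, _ = parse_heartbeat(request)
    if msg_type != HEARTBEAT_REQUEST:
        raise ValueError("only requests get a response")
    return build_heartbeat(HEARTBEAT_RESPONSE, payload)


def verify_response(request: bytes, response: bytes) -> bool:
    """Requester side: a response only counts if it echoes our payload exactly.

    Because the payload was random and travelled under the record-layer
    encryption, a peer that cannot decrypt and re-encrypt cannot produce it.
    """
    _, sent, _ = parse_heartbeat(request)
    rtype, echoed, _ = parse_heartbeat(response)
    return rtype == HEARTBEAT_RESPONSE and echoed == sent


def pmtu_probe(total_len: int) -> bytes:
    """Build a HeartbeatRequest whose encoded size is exactly total_len bytes.

    This is the DTLS path-MTU use of the variable size: send probes of
    increasing length and note the largest one that still gets a matching
    response. total_len is the HeartbeatMessage size only; the DTLS record
    header and cipher overhead (assumed to be accounted for by the caller)
    come on top of it.
    """
    payload_len = total_len - HEADER_LEN - MIN_PADDING
    if payload_len < 0:
        raise ValueError("probe too small for header plus minimum padding")
    return build_heartbeat(HEARTBEAT_REQUEST, os.urandom(payload_len))


if __name__ == "__main__":
    req = pmtu_probe(1200)
    print("probe bytes:", len(req), "echo ok:", verify_response(req, respond(req)))
    # Constructed malformed request: claims 65535 payload bytes, carries 1.
    bogus = b"\x01\xff\xff" + b"A" + bytes(MIN_PADDING)
    try:
        respond(bogus)
    except ValueError as e:
        print("rejected:", e)
```

Note that the responder parses the request first and only then copies `payload`, so the echoed length is bounded by what actually arrived, not by the attacker-chosen `payload_length` field.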