Max Rottenkolber <max@mr.gy> writes:

> On Thu, 24 Apr 2014 18:13:35 +0200, Pascal J. Bourguignon wrote:
>
>> a dead process sending fixed or previsible packets
>
> I didn't think of that. So basically you ensure the responding connection isn't compromised by exercising the encryption, which is the hardest to fake for a malicious attacker. Makes sense... Shame on me! :)
>
> What about a fixed length input though (and maybe answering with a digest)? It still seems to me that the specified behavior is overly arbitrary/error prone.
The introduction of the protocol says:

> The Heartbeat Extension provides a new protocol for TLS/DTLS allowing the usage of keep-alive functionality without performing a renegotiation and a basis for path MTU (PMTU) discovery for DTLS.

So the variable size of the packet is used for this latter feature, discovery of path MTU or PMTU.

-- 
__Pascal Bourguignon__
http://www.informatimago.com/
"The mercury is rising? It's time to buy!"
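To make the two points of the thread concrete, here is an added example (not code from either poster, and not an implementation from any TLS library) of the HeartbeatMessage layout the extension specifies, type (1 byte), payload_length (2 bytes), payload, then at least 16 bytes of padding, together with the receiver-side check that the declared payload_length actually fits inside the received record, and a helper that builds a request of a chosen total size, which is the variable-size behaviour Pascal attributes to PMTU discovery. The function names, the constant names and the sample messages are this example's own constructions.

```python
import struct

HEARTBEAT_REQUEST = 1    # HeartbeatMessageType values from the extension
HEARTBEAT_RESPONSE = 2
HEADER_LEN = 3           # type (1 byte) + payload_length (2 bytes, big-endian)
MIN_PADDING = 16         # the extension requires at least 16 bytes of padding


def build_heartbeat(msg_type, payload, padding_len=MIN_PADDING):
    """Encode a HeartbeatMessage: type | payload_length | payload | padding."""
    if padding_len < MIN_PADDING:
        raise ValueError("padding must be at least 16 bytes")
    if len(payload) > 0xFFFF:
        raise ValueError("payload_length is a 16-bit field")
    return struct.pack("!BH", msg_type, len(payload)) + payload + b"\x00" * padding_len


def build_pmtu_probe(total_len):
    """Build a request whose whole message is exactly total_len bytes.

    This is the variable-size use of the message: a sender can probe whether a
    packet of a given size makes it across the path (PMTU discovery).
    """
    if total_len < HEADER_LEN + MIN_PADDING:
        raise ValueError("message too small to hold header and minimum padding")
    payload = b"\x00" * (total_len - HEADER_LEN - MIN_PADDING)
    return build_heartbeat(HEARTBEAT_REQUEST, payload)


def parse_heartbeat(record):
    """Decode a HeartbeatMessage from a record body.

    The essential defensive check: the payload_length the peer *declares* must
    fit inside the bytes that were *actually received*, with room for the
    minimum padding. A message that fails this check is discarded (the
    extension says it MUST be discarded silently) rather than trusted.
    Returns (msg_type, payload) or raises ValueError.
    """
    if len(record) < HEADER_LEN:
        raise ValueError("record too short for a heartbeat header")
    msg_type, payload_len = struct.unpack("!BH", record[:HEADER_LEN])
    if msg_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        raise ValueError("unknown heartbeat message type")
    if HEADER_LEN + payload_len + MIN_PADDING > len(record):
        raise ValueError("declared payload_length does not fit in the record")
    return msg_type, record[HEADER_LEN:HEADER_LEN + payload_len]


def respond(request_record):
    """Return a HeartbeatResponse echoing a valid request's payload.

    Returns None (i.e. drops the message) when the request is malformed or is
    not a request, so only bytes the peer really sent are ever echoed back.
    """
    try:
        msg_type, payload = parse_heartbeat(request_record)
    except ValueError:
        return None
    if msg_type != HEARTBEAT_REQUEST:
        return None
    return build_heartbeat(HEARTBEAT_RESPONSE, payload)


if __name__ == "__main__":
    # Constructed sample: a well-formed request and its response.
    req = build_heartbeat(HEARTBEAT_REQUEST, b"ping")
    print(parse_heartbeat(respond(req)))
    # Constructed sample: header claims 65535 payload bytes but only 4 follow.
    bad = b"\x01\xff\xff" + b"ping" + b"\x00" * MIN_PADDING
    print(respond(bad))
    print(len(build_pmtu_probe(1200)))
```

The `respond` function shows where the digest idea from the thread would slot in: the echo only ever covers the bytes that `parse_heartbeat` has verified were actually present, so replacing the echo with a digest of `payload` changes what is sent back but not the length check that has to come first.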