On Wed, 23 Apr 2014 06:13:03 -0700, David McClain wrote:
. The design is just plain wrong.
Is that statement the benefit of hindsight knowledge, or do you have a more intelligent thought process behind it? (I can imagine the all-knowing smirk in the background, but I'd really like to know :-)
The exact opposite of all-knowing ;). In my opinion the TLS standard is too complex. Parts of it like the keep-alive, which is also a path MTU checking *framework*, as criticized by me (and further down discussed with Pascal).
Many security professionals have criticized the TLS committee for their standards. As a side note: OpenSSL has roughly 500k lines of code; I don't think it's feasible to assure security on a code base of this magnitude.
If I imagine implementing a security protocol, e.g. "this code should be kept short and really really safe", and being confronted with e.g. the Heartbeat extension, I imagine despair.
So my conclusion is, a widely used security standard should be engineered well enough to be possible to implement correctly, even in a 4-digit ANSI C code base.