Re: [Last-Call] Last Call: <draft-gont-numeric-ids-sec-considerations-06.txt> (Security Considerations for Transient Numeric Identifiers Employed in Network Protocols) to Best Current Practice

On 12/16/2020 5:04 PM, Fernando Gont wrote:
On 13/12/20 19:47, Joe Touch wrote:


On Dec 13, 2020, at 1:54 PM, Eric Rescorla <ekr@xxxxxxxx> wrote:

My position is that modern practice is to design protocols that have encryption
(this is strongly encouraged by RFC 7258 and also is just what we're doing)
and this document neither (a) engages with that nor (b) provides particularly
helpful guidance for encrypted protoco

+1

I don’t like the idea of over-specification to provide partial privacy or security.

It's quite the opposite.

Our document requires specifications to spell out the interoperability requirements, because quite too often specifications specify things they need not.

For example, the QUIC spec specifies sequence numbers start at 0. *That* is an over specification. Because sequence numbers need not start at zero.

QUIC does not mandate that sequence numbers start at 0. Implementations can choose to start at random numbers, with the limitation that these numbers shall be lower than 2^32. That functionality had been verified in interop testing. There just are not too many benefits in doing that.

-- Christian Huitema
-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
