Re: [TLS] proposal to encrypt ContentType for TLS 1.3

Daniel Kahn Gillmor <> Mon, 14 July 2014 14:30 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 1358C1A063A for <>; Mon, 14 Jul 2014 07:30:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id M0iUmiDfUVN5 for <>; Mon, 14 Jul 2014 07:30:23 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id B4DCC1A05C0 for <>; Mon, 14 Jul 2014 07:30:23 -0700 (PDT)
Received: from [] (unknown []) by (Postfix) with ESMTPSA id BC32CF984; Mon, 14 Jul 2014 10:30:20 -0400 (EDT)
Message-ID: <>
Date: Mon, 14 Jul 2014 10:30:11 -0400
From: Daniel Kahn Gillmor <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Icedove/30.0
MIME-Version: 1.0
References: <>
In-Reply-To: <>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="Kqw0CEelS4gpooNWft35bPEm9VHARL6fQ"
Subject: Re: [TLS] proposal to encrypt ContentType for TLS 1.3
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 14 Jul 2014 14:30:28 -0000

On 07/14/2014 10:12 AM, Martin Rex wrote:
> Daniel Kahn Gillmor wrote:
>> The fact that network-facing code won't know with certainty when a
>> handshake completes and when application data starts flowing seems like
>> a feature, not a bug, if we want to protect the communication.
> I definitely see it as a feature.

I'm glad to hear it :)

> The bug here would be an unnecessary difference to existing TLS protocol versions.
> Drop-in replacement of only the TLS stack will be impossible.

Yes, I'm suggesting that for people in the unusual situation of having
moved their network i/o state machine entirely outside of their TLS
stack, they'll want to update their network i/o state machines first (to
understand the new traffic patterns), before upgrading their TLS stacks
to support TLS 1.3.

It seems entirely possible that this will be the case anyway, given the
new handshake flows proposed for TLS 1.3.

I don't think this is a good reason to avoid the improvement.