[openssl-dev] [openssl.org #3908] Patch fixing some heartbeat issues (vs latest git master)
Hanno Böck
hanno at hboeck.de
Sat Jun 13 13:43:25 UTC 2015
Serious question: Is there any valid use case for heartbeats in TLS or
DTLS?
(With valid use case I mean something like "I use it for this system",
not answers like "you could use it for xy")
I asked this question in the heartbleed aftermath a couple of times and
never got any reasonable answer. I have the feeling the only reason
this extension exists is that someone needed a topic for his thesis.
If this extension isn't used then I think it shouldn't be fixed. It
should be removed. I think complexity is responsible for a large chunk
of the problems TLS has these days, therefore everything that can be
removed should be.
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150613/7f3b329e/attachment.sig>
More information about the openssl-dev
mailing list