I understand needing a unique identifier to distinguish between heartbeats ... but why conflate the heartbeat with Path MTU, which is an orthogonal process.
Is it really that much less efficient to do Path MTU with a different message/system/module? Why absorb this function into the OpenSSL pacakge?
I feel I am still missing something about the way this system works. Perhaps I just need to educate myself more on security and networking.
> I understand needing a unique identifier to distinguish between heartbeats ... but why conflate the heartbeat with Path MTU, which is an orthogonal process.
The only people who can accurately answer that are the author of the RFC/code, and the TLS committee members who discussed the changes.
From a security standpoint, it is more dangerous to commingle the two, because a bug in one side (path MTU) will also effect the other half (heartbeat). And that is exactly what happened.
> Why absorb this function into the OpenSSL pacakge?
Unknown. Path MTU discovery is supposed to be handled at a low layer in the OSI network stack abstraction (closer to the physical hardware) such that higher level layers/apps should not need to care. Putting it into TLS the protocol is a blatant layering violation.
Is it really that much less efficient to do Path MTU with a different message/system/module? Why absorb this function into the OpenSSL pacakge?
I feel I am still missing something about the way this system works. Perhaps I just need to educate myself more on security and networking.