Peter Gutmann | 5 Sep 2004 11:06

Comments on the TLS 1.1 draft

Given that this is probably my last chance to gripe about things:

Section 6.2.1 says:

  Application data is generally of lower precedence for transmission than
  other content types and therefore handshake records may be held if
  application data is pending.

Wouldn't application data be of higher precedence if it can pre-empt handshake
data?

Section 6.3, this is somewhat misleading, the cipher spec that requires the
most key material isn't 3DES_EDE_CBC_SHA but AES_256_CBC_SHA, even if it's
defined elsewhere.

(Shouldn't the RFC 3268 suites be folded into the TLS 1.1 spec?  It seems like
 a good idea to have them all in the same document, at the moment TLS 1.1
 doesn't even hint that there are AES suites, and in particular suites that
 actually require more keying material than 3DES_EDE_CBC_SHA).

More section 6.3: The mention of IV generation for < TLS 1.1 has been
completely excised, apart from a passing mention elsewhere that explicit IVs
are new for TLS 1.1.  Shouldn't there be some mention of this somewhere,
either in section 6.3 or in an appendix?  There are various historical notes
covering older usage (e.g. the lack of a length field in RSA encrypted data in
SSLv3), but the only way to find out about previous IV usage is to dig up old
copies of the spec.  Note that this change also applies to the keying-material
note, since with the additional implicit IV data the size increases still
further.

Peter.
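Added example, not part of the original message: the keying-material point above, worked through with the TLS 1.0 PRF and the key_block split, once with the two write IVs taken from the key block (implicit IVs) and once without them. The function names, the `implicit_iv` flag and the sample secrets are constructed for illustration; the per-suite sizes are the SHA-1 MAC length and the 3DES/AES-256 key and block lengths.

```python
import hmac

# Per-direction sizes in bytes: (MAC secret, cipher key, CBC IV = block size)
SUITES = {"3DES_EDE_CBC_SHA": (20, 24, 8), "AES_256_CBC_SHA": (20, 32, 16)}
# Order in which the key_block is cut up
NAMES = ["client_write_MAC_secret", "server_write_MAC_secret",
         "client_write_key", "server_write_key",
         "client_write_IV", "server_write_IV"]

def p_hash(alg, secret, seed, n):
    """P_hash expansion: HMAC(secret, A(i) + seed) blocks, A(0) = seed."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, alg).digest()             # A(i)
        out += hmac.new(secret, a + seed, alg).digest()
    return out[:n]

def tls10_prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR
    P_SHA-1 over the second half (halves share a byte if length is odd)."""
    half = (len(secret) + 1) // 2
    md5 = p_hash("md5", secret[:half], label + seed, n)
    sha = p_hash("sha1", secret[-half:], label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))

def key_material_len(suite, implicit_iv):
    """Bytes of key_block needed for both directions."""
    mac, key, iv = SUITES[suite]
    return 2 * (mac + key + (iv if implicit_iv else 0))

def partition(suite, master, server_random, client_random, implicit_iv):
    """Derive the key_block and split it into its named parts."""
    mac, key, iv = SUITES[suite]
    sizes = [mac, mac, key, key] + ([iv, iv] if implicit_iv else [])
    block = tls10_prf(master, b"key expansion",
                      server_random + client_random, sum(sizes))
    parts, off = {}, 0
    for name, size in zip(NAMES, sizes):
        parts[name] = block[off:off + size]
        off += size
    return parts

# Constructed sample inputs (not real session values)
MASTER = bytes(range(48))
SERVER_RANDOM, CLIENT_RANDOM = b"\x01" * 32, b"\x02" * 32

if __name__ == "__main__":
    for suite in SUITES:
        for implicit in (True, False):
            print(suite, "implicit IV" if implicit else "no IV in key_block",
                  key_material_len(suite, implicit), "bytes")
```

With IVs drawn from the key block, AES_256_CBC_SHA needs 136 bytes against 104 for 3DES_EDE_CBC_SHA; without them the figures are 104 and 88.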

