On Mon 2015-09-21 04:43:27 -0700, Watson Ladd <watsonbl...@gmail.com> wrote:
> Is this actually true in the second pull request? No: a moment of
> actually reading reveals that the string is inside an AEAD encrypted
> packet. There is no way in which this padding could be modified for
> use in a side-channel attack.

In both pull requests, the padding is inside the AEAD encrypted packet.

The intent, after all, is to create a mechanism that provides
uncertainty about the length of the cleartext. See, for example:

  I Know Why You Went to the Clinic: Risks and Realization of HTTPS
  Traffic Analysis
  by Brad Miller, Ling Huang, A. D. Joseph, and J. D. Tygar
  http://arxiv.org/abs/1403.0297

--dkg

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls