How about making fixed length(s) for each message type, then pad it with 0x01 
then optional 0x00s?

Quynh. 
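As an added illustration that is not part of this thread, the padding rule proposed above (a mandatory 0x01 byte, then 0x00 bytes up to a fixed per-message-type length) written out in Python, with the fixed lengths and message-type names assumed for the example:

```python
# Constructed example of fixed-length-per-message-type padding:
# body || 0x01 || 0x00 * n, where the total is the fixed length for the type.
# The message-type names and byte lengths below are assumptions, not values
# from any specification.

FIXED_LENGTHS = {
    "Certificate": 4096,        # assumed fixed length for Certificate messages
    "ServerKeyExchange": 1024,  # assumed fixed length for ServerKeyExchange
    "ClientKeyExchange": 1024,  # assumed fixed length for ClientKeyExchange
}


def pad_fixed(msg_type: str, body: bytes) -> bytes:
    """Pad body to the fixed length for msg_type using 0x01 then 0x00 bytes.

    The 0x01 delimiter is mandatory, so a body may be at most
    fixed_length - 1 bytes.  A longer body is rejected rather than
    truncated or sent unpadded, since either would leak its real size.
    """
    target = FIXED_LENGTHS[msg_type]
    if len(body) >= target:
        raise ValueError(f"{msg_type} body of {len(body)} bytes exceeds {target - 1}")
    return body + b"\x01" + b"\x00" * (target - len(body) - 1)


def unpad_fixed(msg_type: str, padded: bytes) -> bytes:
    """Remove the 0x00 run and the 0x01 delimiter, checking the padding is well formed."""
    target = FIXED_LENGTHS[msg_type]
    if len(padded) != target:
        raise ValueError(f"{msg_type} message must be exactly {target} bytes")
    # rstrip stops at the 0x01 delimiter, so trailing 0x00 bytes that belong
    # to the original body are preserved.
    stripped = padded.rstrip(b"\x00")
    if not stripped or stripped[-1] != 0x01:
        raise ValueError("missing 0x01 padding delimiter")
    return stripped[:-1]


def wire_lengths(msg_type: str, bodies) -> set:
    """Set of on-the-wire lengths for several bodies of one message type.

    A single-element set means the length alone no longer distinguishes,
    for example, an RSA certificate chain from an ECDSA one.
    """
    return {len(pad_fixed(msg_type, b)) for b in bodies}
```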

________________________________________
From: TLS <tls-boun...@ietf.org> on behalf of Dave Garrett 
<davemgarr...@gmail.com>
Sent: Friday, September 25, 2015 2:11 PM
To: tls@ietf.org; m...@sap.com
Subject: Re: [TLS] Encrypted SNI (was: Privacy considerations - identity hiding 
from eavesdropping in (D)TLS)

On Friday, September 25, 2015 01:10:37 pm Martin Rex wrote:
> Because it is not necessarily immediately obvious, you will need
> padding also for the Server Certificate handshake messages.
> And, because the key exchange is side-effected by properties of
> the Server Certificate, you may additionally need padding for the
> ServerKeyExchange and ClientKeyExchange handshake messages, so
> that the protocol doesn't leak whether one of the services uses
> an RSA certificate and the other uses an ECDSA (or EdDSA) certificate.

This sounds like a good argument to come up with a default padding scheme for 
all handshake messages, even for clients that don't use application data padding.


Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
