On 12/4/15 9:56 PM, Jim Schaad wrote: > I will start by re-iterating my initial position that I would prefer that > the DTLS and TLS analysis is going to be the same in terms of masking the > header information. So I decided to do some thought experiments about what > happens if the length were to be encrypted and how many different situations > does this not appear to help the situation.
Why are you fixated on enumerating different situations where encrypting headers doesn't help, while completely ignoring situations where it can help? You could draw up an infinite list of scenarios in both categories. No security provision will address every possible attack scenario - padding definitely doesn't either! - but both header encryption and padding are complementary provisions that each make attacks more difficult for attackers in different ways. B
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
