On Tue, Jun 12, 2018 at 10:55 AM Kyle Nekritz <knekr...@fb.com> wrote:
>
> Since the Certificate message is sent in an encrypted record, the normal 
> record padding mechanism (section 5.4) can be used, rather than sending the 
> padding as actual handshake data.

Of course, and that requires padding on the fly and some way for the
sender to know what is the correct amount of padding per Certificate.
Plumbing up that API seems non-trivial. In comparison, one could
imagine pre-padding wire-encoded Certificate messages a priori using
the extension. So I still think restricting padding to CH is a bit
extreme.

Best,
Chris

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
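
The record padding mechanism referred to above (RFC 8446, section 5.4), as an added example that is not part of either message: the sender appends zero octets after the content type inside the encrypted record, and the receiver strips them. The bucket-rounding policy and the function names are assumptions, and the sample Certificate bytes are constructed.

```python
# Added illustration of TLS 1.3 record padding (RFC 8446, section 5.4).
# TLSInnerPlaintext = content || ContentType || zeros, encrypted as one record.

HANDSHAKE = 22            # ContentType.handshake
MAX_INNER = 2**14 + 1     # maximum encoded TLSInnerPlaintext length


def pad_inner_plaintext(content, content_type, bucket):
    """Sender side: round the inner plaintext up to a multiple of `bucket`.

    The bucket policy is an assumption; the RFC leaves the amount of
    padding to the sender, which is the API question raised in the thread.
    """
    if not 0 < content_type < 256:
        raise ValueError("content type must be a non-zero octet")
    if len(content) > 2**14:
        raise ValueError("fragment too long for one record")
    unpadded = len(content) + 1
    target = min(-(-unpadded // bucket) * bucket, MAX_INNER)
    return content + bytes([content_type]) + bytes(target - unpadded)


def unpad_inner_plaintext(inner):
    """Receiver side: the last non-zero octet is the content type."""
    stripped = inner.rstrip(b"\x00")
    if not stripped:
        # RFC 8446: no non-zero octet means an unexpected_message alert.
        raise ValueError("unexpected_message: record is all padding")
    return stripped[:-1], stripped[-1]


def fake_certificate(body_len):
    """Constructed handshake message: type 11, 3-byte length, zeroed body."""
    return bytes([11]) + body_len.to_bytes(3, "big") + bytes(body_len)


if __name__ == "__main__":
    for n in (900, 1400):
        msg = fake_certificate(n)
        inner = pad_inner_plaintext(msg, HANDSHAKE, bucket=2048)
        content, ctype = unpad_inner_plaintext(inner)
        print(n, len(msg), len(inner), content == msg, ctype)
```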