On Friday, September 25, 2015 01:10:37 pm Martin Rex wrote: > Because it is not necessarily immediately obvious, you will need > padding also for the Server Certificate handshake messages. > And, because the key exchange is side-effected by properties of > the Server Certificate, you may additionally need padding for the > ServerKeyExchange and ClientKeyExchange handshake messages, so > that the protocol doesn't leak of one of the service uses > an RSA certificate and the other uses an ECDSA (or EdDSA) certificate.
This sounds like a good argument to come up with a default padding scheme for all handshake messages for even clients that don't use application data padding. Dave _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls