> On 30 Dec 2017, at 7:03, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote: > > Jitendra Lulla <lull...@yahoo.com> writes: > >> The client can have a rogue TLS implementation with the following intentional >> changes: >> >> 0. Choose CBC with AES256-SHA56 or any other heavier (in terms of processing >> power requirements) and non paralleliz'able cipher suite. >> >> 1. After the handshake, always send all the TLS records (Application Data) >> plain text fragment size which is no greater than 1 Byte. >> >> 2. Always send a padding of max possible or big size (eg 256 Bytes) > > Apart from (2), that looks like interactive terminal traffic over TLS. The > large padding may also be natually sent by an implementation that's trying a > bit too hard to hide typing/traffic patterns.
Right. If you really want to hide typing patterns, you should send a big record every tenth of a second. Most of those would be zero-length fragments, but that’s OK. In fact, the rogue client can do even better by just sending a bunch of zero-length records. Yoav _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls