On Mon, Oct 21, 2019 at 12:10 PM Stephen Farrell <[email protected]> wrote:
>
> Hiya,
>
> On 21/10/2019 20:01, Rob Sayre wrote:
> > On Mon, Oct 21, 2019 at 11:41 AM Stephen Farrell <
> [email protected]>
> > wrote:
> >
> >> My guess is that all of the above will lead to everyone
> >> always using 260 for this value, making it pointless
> >> and somewhat wasteful.
> >>
> >
> > Whether it's wasteful depends on how big typical ClientHello (without
> early
> > data) messages are. If they'll easily fit in one packet, 260 doesn't
> matter.
>
> I don't think we ought to be so confident of that. TLS is
> so broadly used that there may be other circumstances
> now or in future where this would be a problem that'd
> cause ESNI to not be used. It seems prudent to use fewer
> bytes when that's possible (so long as we don't expose
> the actual SNI length).
>

I have seen MTUs under 1500 many times, but nothing under 1200. Is there
data on this? (I honestly haven't seen any)

>
> Removing the padding_length field also removes a way
> in which server configurations can be broken (if some
> server admin sets a too-low value), which is also a
> more prudent design than we currently have.
>

I think padding_length makes sense as a minimum. As a maximum, it could
actually be an attack as well.

thanks,
Rob
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
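The two failure modes argued over above (a padded_length set too low breaking the server configuration, versus treating it as a minimum and leaking the length of long names) can be made concrete in a few lines. The following is an added example, not code from the thread or from any ESNI implementation; it assumes the PaddedServerNameList layout of the ESNI drafts of that period, i.e. a ServerNameList (RFC 6066 layout) followed by zero bytes up to ESNIKeys.padded_length, and the hostnames are constructed inputs.

```python
"""Fixed-length SNI padding as in the ESNI drafts (added example).

Assumption: ClientESNIInner carries a PaddedServerNameList, which is a
ServerNameList followed by zeros up to ESNIKeys.padded_length. The two
padding functions below implement the "maximum" and "minimum" readings
of padded_length that the thread is debating.
"""
import struct


def encode_server_name_list(host_name: str) -> bytes:
    """TLS ServerNameList with one host_name entry (RFC 6066 layout).

    Layout: uint16 list_length, then name_type=0 (host_name),
    uint16 name_length, and the name itself.
    """
    name = host_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    return struct.pack("!H", len(entry)) + entry


def pad_as_maximum(host_name: str, padded_length: int) -> bytes:
    """padded_length as an upper bound: every inner SNI is exactly this long.

    A name that does not fit is rejected, which is the "admin sets a
    too-low value" breakage mentioned in the thread: the client cannot
    build a valid ClientESNIInner at all.
    """
    sni = encode_server_name_list(host_name)
    if len(sni) > padded_length:
        raise ValueError(
            f"SNI of {len(sni)} bytes exceeds padded_length {padded_length}"
        )
    return sni + b"\x00" * (padded_length - len(sni))


def pad_as_minimum(host_name: str, padded_length: int) -> bytes:
    """padded_length as a lower bound: pad up to it, but never truncate.

    Nothing breaks, but any name longer than padded_length produces an
    output whose size equals the real SNI size, so the exact length is
    exposed to an observer of the ClientHello.
    """
    sni = encode_server_name_list(host_name)
    return sni + b"\x00" * max(0, padded_length - len(sni))


def observed_lengths(host_names, padded_length: int, as_maximum: bool) -> dict:
    """Sizes an on-path observer would see for each name (None if rejected)."""
    pad = pad_as_maximum if as_maximum else pad_as_minimum
    out = {}
    for h in host_names:
        try:
            out[h] = len(pad(h, padded_length))
        except ValueError:
            out[h] = None
    return out


if __name__ == "__main__":
    # Constructed sample names: two short, one deliberately over 260 bytes.
    names = ["a.example", "www.example.com", "x" * 260]
    print("maximum:", observed_lengths(names, 260, as_maximum=True))
    print("minimum:", observed_lengths(names, 260, as_maximum=False))
```

With the "maximum" reading every accepted name yields the same 260-byte inner SNI and the over-long name is rejected outright; with the "minimum" reading the over-long name is accepted but its output length equals its true encoded length, which is the leakage the quoted text wants to avoid.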
