Re: [TLS] Why is padding still actively being used?

Dave Garrett <davemgarrett@gmail.com> Sun, 17 May 2015 19:32 UTC

Return-Path: <davemgarrett@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27EC91A9086 for <tls@ietfa.amsl.com>; Sun, 17 May 2015 12:32:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xXLdEYFeiMMK for <tls@ietfa.amsl.com>; Sun, 17 May 2015 12:32:33 -0700 (PDT)
Received: from mail-qg0-x22b.google.com (mail-qg0-x22b.google.com [IPv6:2607:f8b0:400d:c04::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7873B1A0334 for <tls@ietf.org>; Sun, 17 May 2015 12:32:33 -0700 (PDT)
Received: by qgf59 with SMTP id 59so6391462qgf.3 for <tls@ietf.org>; Sun, 17 May 2015 12:32:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=i9YZavd2HNqEnY87QSztPDiMtEnxfPCFD5sOFCTc8AU=; b=Z86YqZ+HntXSiyeRsWCmqsznEPnWVUAAyHGmh9vG/8kJA1FvrAeTDQVwKnOPzZq4We 8gXl8Mp9NPcsSSmC5aLDCaND1V14SXwU5ozfRoHeUhCKzNgzRvHaqCAWOYsAeO5WK8jy C1qKE3VpFHNld8J+Hb3f9LuBZcz6F+4YWhW3QJwf7rr7lQtjHCL52cbIUrcDMb/QfYKV GYbgHuM4YtzPCrJF0B1qHxZ72k7ddfVIHvPbZoPLu0ajTKTq0XpLRGsXmL+rXXjjvZTV MF9QKw+KySpoKXTqVrzG/FgP0AzlQVQa1FoMcDK+XGA8yT5XCkf1XLJdDLVm+7mR8f/6 THFA==
X-Received: by 10.140.133.199 with SMTP id 190mr3626403qhf.17.1431891152815; Sun, 17 May 2015 12:32:32 -0700 (PDT)
Received: from dave-laptop.localnet (pool-96-245-254-195.phlapa.fios.verizon.net. [96.245.254.195]) by mx.google.com with ESMTPSA id b109sm5552679qga.48.2015.05.17.12.32.32 (version=TLSv1 cipher=RC4-SHA bits=128/128); Sun, 17 May 2015 12:32:32 -0700 (PDT)
From: Dave Garrett <davemgarrett@gmail.com>
To: tls@ietf.org
Date: Sun, 17 May 2015 15:32:30 -0400
User-Agent: KMail/1.13.5 (Linux/2.6.32-73-generic-pae; KDE/4.4.5; i686; ; )
References: <CAH8yC8nQKzht4g6+FwvmN1ULCz3a+2j=0UF4h=8h71XbcVjFDQ@mail.gmail.com> <20150517052936.GA26393@LK-Perkele-VII> <CA+cU71=doLRuHuFp84Rq3e87Ee5x8q1RURMShCrEkZUJbDFi2w@mail.gmail.com>
In-Reply-To: <CA+cU71=doLRuHuFp84Rq3e87Ee5x8q1RURMShCrEkZUJbDFi2w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <201505171532.31109.davemgarrett@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/Pxqy-6oWF-Ow71l1K24zmE1hDU4>
Subject: Re: [TLS] Why is padding still actively being used?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 May 2015 19:32:36 -0000

On Sunday, May 17, 2015 02:33:05 pm Tom Ritter wrote:
> On 17 May 2015 at 00:29, Ilari Liusvaara <ilari.liusvaara@elisanet.fi> wrote:
> > Thinking about padding, I think there should be some sort of
> > payload padding under AE, fro those applications that want to hide
> > lengths of messages.
> 
> https://github.com/tlswg/tls13-spec/pull/147
> 
> I believe this had achieved rough consensus in the March interim.

Is it really necessary to have a separate application_data_padded content type? It'd be simpler to just keep using existing types but amend it with a padding field and require it always be used at minimum to pad up to the nearest multiple of N-bytes. (something low for the default) Additional padding would be optional, but all data would get some minimum.


Dave