Re: [TLS] Encrypting record headers: practical for TLS 1.3 after all?

Aaron Zauner <> Tue, 01 December 2015 13:15 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 347E21B2D20 for <>; Tue, 1 Dec 2015 05:15:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 4AXDM2scqoUa for <>; Tue, 1 Dec 2015 05:15:07 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4010:c07::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4EAB01B2D15 for <>; Tue, 1 Dec 2015 05:15:07 -0800 (PST)
Received: by lfaz4 with SMTP id z4so7553145lfa.0 for <>; Tue, 01 Dec 2015 05:15:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gmail; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; bh=J1puTTTmuEtUbgHdRCwFbgYRbXV60tn6x+vNQ1/AinU=; b=d0iIzinkM+0u1ByhDQLBl53UJ9l32BRxid/dPeSDZSbITGORrPkxbH9mLPQtnhSetq Gz0OejTaR7RkPpHSDSgGWg99BzEf6+9JaY/y7M/p+Qqp3cgIJY47y0VXg765EK9tTEQc alyEfwT8UGMFbS15gPuSmQoPJGMBu2GK7rSyU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=J1puTTTmuEtUbgHdRCwFbgYRbXV60tn6x+vNQ1/AinU=; b=TXYk58rP50I7w+2Dl4L+1xwW1XOxYnujRXi5SuACtwl/NHFhY8fy8sRkFOw7SQGJ43 wDmTUUwP18OcRJ3IbbESuIzsANP4JuVD0juUFy8TFiCEhkYsoaQS9c8xpZz4pmQ4XnQu 88E7jxnR4Lkn34drDj0F4VmIk6KQ+enq67cMQJxiMg8/Ye7MgRFrWHdoi4V72cxIJ6hS 56P5z3Q8kAMKCoTEROdBqiY2CzDhAjl7558llQ68M1GudObJFZc+Nv+x1beiOujXcMcf bqI8q1+N75+P9LOYSU1I1xQG5UqLdNYAEGTM+xj8p01H2kmW8z8BEEqzolY97whDmuGx z2qw==
X-Gm-Message-State: ALoCoQmyrPVQHVyySSSQoFb8uD9OlWc9F3PV100nXT2+cEjhbkivpTP21zrwgIjDjGpE0sSfPCWM
X-Received: by with SMTP id nv2mr17392953lbb.17.1448975705447; Tue, 01 Dec 2015 05:15:05 -0800 (PST)
Received: from [] ([]) by with ESMTPSA id sv10sm5387127lbb.46.2015. (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 01 Dec 2015 05:15:04 -0800 (PST)
Message-ID: <>
Date: Tue, 01 Dec 2015 14:15:00 +0100
From: Aaron Zauner <>
User-Agent: Postbox 3.0.11 (Macintosh/20140602)
MIME-Version: 1.0
To: Hubert Kario <>
References: <> <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.2.3
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="------------enig0CA8B1857FF51B7DC1BBB37D"
Archived-At: <>
Subject: Re: [TLS] Encrypting record headers: practical for TLS 1.3 after all?
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 01 Dec 2015 13:15:09 -0000


Hubert Kario wrote:
> then we need Best Current Practice for applications describing to them 
> how TLS needs to be used, e.g. make sure that they are doing writes as 
> big as possible, checking if timing of responses doesn't leak much 
> information, etc. Forcing TLS implementation to combine writes will 
> easily cause serious problems with interactivity of sessions...

FYI: similar IETF documents like that exists for TLS (up to 1.2)
already. Might make sense to update them or have similar ones when time
comes. Though spreading everything out over a lot of documents makes it
harder for implementers to find all the information they might be
looking for, IMO. Actually, as far as I understand the whole objective
of UTA-WG is putting out documents like that (Utilizing TLS in