This brings up an interesting point; having a record length that corresponds to 
the TCP segment size can help hardware implementations such that they don't 
need to deal with scatter/gather; i.e. one TCP segment corresponds to a single 
TLS record. This goes along with 8 (or 4) byte record lengths for hardware 
implementations. 

--
-Todd Short
// Sent from my iPhone
// "One if by land, two if by sea, three if by the Internet."


> On Nov 29, 2015, at 8:40 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> 
> Nikos Mavrogiannopoulos <n...@redhat.com> writes:
> 
>> I believe your proposal is a nice example of putting the cart before the
>> horse. Before proposing something it should be clear what do you want to
>> protect from, what is the threat?
> 
> Exactly.  If you want to thwart traffic analysis, you need to do something
> like what's done by designs like Aqua ("Towards Efficient Traffic-analysis 
> Resistant Anonymity Networks"), or ideas from any of the other anti-traffic-
> analysis work that's emerged in the past decade or two.  You get traffic 
> analysis resistance by, for example, breaking data into fixed-length 
> packets, using cover traffic, and messing with packet timings, not by 
> encrypting TLS headers.
> 
> Peter.
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls

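A worked illustration of the sizing rule Todd describes (one TLS record per TCP segment, with the record length kept to an 8- or 4-byte multiple) that also yields the fixed-length packets Peter mentions; this is added example code, not from the thread, and it assumes TLS 1.3 record framing (5-byte header, 1-byte inner content type, zero padding, 16-byte AEAD tag) and a constructed MSS of 1460 bytes.

```python
"""Size TLS 1.3 records so that every record fills exactly one TCP segment.

Added illustration, not code from the mailing-list thread. TLS 1.3 encrypts
TLSInnerPlaintext = content || content_type(1) || zeros(padding), prepends a
5-byte record header and the AEAD appends a 16-byte tag (AES-GCM or
ChaCha20-Poly1305). MSS and application data below are constructed samples.
"""

RECORD_HEADER = 5   # opaque_type(1) + legacy_record_version(2) + length(2)
INNER_TYPE = 1      # TLSInnerPlaintext.type byte, encrypted with the content
AEAD_TAG = 16       # authentication tag appended by the AEAD


def target_record_len(mss: int, align: int = 8) -> int:
    """Largest record length that fits one segment and is a multiple of `align`."""
    target = mss - (mss % align)
    if target <= RECORD_HEADER + INNER_TYPE + AEAD_TAG:
        raise ValueError("MSS too small to carry a TLS 1.3 record")
    return target


def max_content_per_record(mss: int, align: int = 8) -> int:
    """Application-data bytes that fit in a record of target_record_len()."""
    return target_record_len(mss, align) - RECORD_HEADER - INNER_TYPE - AEAD_TAG


def split_into_segment_sized_records(data: bytes, mss: int, align: int = 8):
    """Fragment `data` into records that are all exactly target_record_len() bytes.

    Returns one (content_len, padding_len, record_len) tuple per record. Every
    record has the same on-the-wire length, so a receiver (or hardware offload)
    sees one TLS record per TCP segment and an observer sees uniform sizes.
    """
    target = target_record_len(mss, align)
    chunk = max_content_per_record(mss, align)
    records = []
    for offset in range(0, len(data), chunk):
        content_len = min(chunk, len(data) - offset)
        # Zero padding fills the last (short) record up to the target length.
        padding_len = target - RECORD_HEADER - content_len - INNER_TYPE - AEAD_TAG
        record_len = RECORD_HEADER + content_len + INNER_TYPE + padding_len + AEAD_TAG
        records.append((content_len, padding_len, record_len))
    return records


if __name__ == "__main__":
    sample = bytes(3000)  # constructed application data, 3000 bytes
    for rec in split_into_segment_sized_records(sample, mss=1460):
        print("content=%d padding=%d record=%d" % rec)
```

Uniform record sizes remove the length signal but, as Peter notes, not the timing or volume signals, which need cover traffic and timing changes on top.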