On 16 March 2016 at 09:52, Colm MacCárthaigh <c...@allcosts.net> wrote: > At a minimum: could we agree that if a service/site is sensitive to privacy > - it's reasonable for them to prefer AES-CBC; should they be penalized in > SSL health analysis tools/reports for that configuration? it's not as > flexible or useful as the padding in TLS1.3, but it's what we have.
If a site wants to actively do something to make length-hiding harder - to the point where they're go in and prefer CBC ciphersuites - why not just add 5 lines of code to a header template, to insert some random data in a HTML comment? I'm one of the biggest proponents for padding in TLS 1.3... and hope to see it used to make deployments of length-hiding and traffic analysis harder, so the HTML comment or similar tricks would be easier, more robust, and not require site modifications. But I don't think going back to CBC mode is a good idea. -tom _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls