Hiya, Was just adding code for this and I noticed that the draft says a server: "SHOULD pad the Certificate message, via padding at the record layer, such that its length equals the size of the largest possible Certificate (message) covered by the same ESNI key."
I think that ought also mention the CertificateVerify as that could also tell you something about the ESNI being used if the key lengths in the various certificates differ. More specific to openssl though, there isn't really a terribly easy way to do such fine-grained padding (that I've found so far), so to cover the above, and as there are likely many other ways that the ESNI could be exposed, it might be good to add that clients and servers could reasonably decide to pad all handshake messages or even all records. (That last being what is currently easiest with openssl, and hence what I've done for now with my proof-of-concept code:-) Cheers, S.
0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
