]> Google Inc

agl@google.com

Security This memo describes the a TLS extension that can be used to pad ClientHello messages to a desired size.

Successive TLS versions have added support for more cipher suites and, over time, more TLS extensions have been defined. This has caused the size of the TLS ClientHello to grow and the additional size has caused some implementation bugs to come to light. At least some of these implementation bugs can be ameliorated by making the ClientHello even larger. This memo describes a TLS extension that can be used to pad a ClientHello to a desired size in order to avoid implementation bugs caused by certain ClientHello sizes.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

A new extension type ("padding(TBD)") is defined and MAY be included by the client in its ClientHello message.

enum { padding(TBD), (65535) } ExtensionType

The client MUST fill the padding extension completely with zero bytes, although the padding extension may be empty. The server SHOULD verify that the extension is either empty or contains only zero bytes, in order to avoid allowing the padding extension contents to be used as a side-channel. (Although the length of the extension can still be used as such.) The server MUST NOT echo the extension.

IANA is requested to assign an extension value for the padding extension from its ExtensionType registry.

&RFC2119; &RFC5246;