hagrid should pad the size of returned certificates
Currently, requesting two OpenPGP certificates by fingerprint from keys.openpgp.org
leaks the size of the certificate to a network observer. (requesting certificates by user ID might also leak the length of the User ID from the client side, but clients can choose to mask that with an additional query parameter for padding)
It would be nice for hagrid to pad certificates when returning them to avoid leaking some information about the size of the certificates.
Choosing a good padding policy is tricky, but any attempt at padding would be an improvement over leaking the size of each certificate directly.
For starters, how about just padding to the nearest kilobyte?