You stated that the format of onetime that is being used is sensitive information and there I must be encrypted in the inner header. While this is not a big issue for me, I can follow the line of argument.
However, I think the offset is much more sensitive information as it gives away information on pad usage.
Were all encrypted messages intercepted, were they sent in order, how big are the used pads at least, how much of a certain pad has been used, ...
You already have an encrypted inner header, so I'm not asking you to implement such only for hiding the offset.
Since this change would produce messages not readable by older versions, I suggest implementing this before release of 2.0 version.
Also, the pad id, which is part of outer header is not needed and currently unused.
I'd he happy to get rid of it (in fact I took it out of the version I'm personally using), it would only make sense to have it there at all of it were used for automatic pad detection when decrypting. But even then it should be optional.
Even though encrypting the offset is not information-theoretically secure, the leak would be much less obvious.
You stated that the format of onetime that is being used is sensitive information and there I must be encrypted in the inner header. While this is not a big issue for me, I can follow the line of argument. However, I think the offset is much more sensitive information as it gives away information on pad usage. Were all encrypted messages intercepted, were they sent in order, how big are the used pads at least, how much of a certain pad has been used, ... You already have an encrypted inner header, so I'm not asking you to implement such only for hiding the offset. Since this change would produce messages not readable by older versions, I suggest implementing this before release of 2.0 version. Also, the pad id, which is part of outer header is not needed and currently unused. I'd he happy to get rid of it (in fact I took it out of the version I'm personally using), it would only make sense to have it there at all of it were used for automatic pad detection when decrypting. But even then it should be optional. Even though encrypting the offset is not information-theoretically secure, the leak would be much less obvious.