Super-simple framing protocols often fall victim to attacks in which the adversary messes with the length in the frame header. See, for example, "Plaintext Recovery Attacks Against SSH": http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf
So be careful here.
- Ian
Over Tor it won't be a problem because Tor is authenticated. Thanks for the paper... I do really love to read papers like this.