Hi,

I had a discussion with Daniel Kahn Gillmor today, and we talked about his proposal to specify a padding option in TLS so that message-size-based correlation attacks on encrypted DNS packets could be prevented. We continued discussing other options (such as "artificial" RRs in the additional section), and I floated the idea that we could use EDNS0 to include padding in DNS packets.

So, I've created a quick-and-dirty strawman proposal draft for this idea, and I'm happy to discuss this during tomorrow's DPRIVE session if we have time:

https://www.ietf.org/id/draft-mayrhofer-edns0-padding-00.txt

Bring out the pitchforks and torches :)

Alex

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop