What does it mean to exceed the proffered EDNS0 buffer size with your
padded response?

You're 'silent' on length, but surely the server should respect the EDNS0
size proffer as a limit?

On Thu, Jul 23, 2015 at 6:50 PM, Alexander Mayrhofer <
alexander.mayrho...@nic.at> wrote:

> Hi,
>
> I had a discussion with Daniel Kahn Gillmor today, and we talked about his
> proposal to specify a padding option in TLS so that message-size based
> correlation attacks on encrypted DNS packets could be prevented. We
> continued discussing other options (such as "artificial" RRs in the
> additional section), and I floated the idea that we could use EDNS0 to
> include padding in DNS packets.
>
> So, I've created a quick-and-dirty strawman proposal draft for this idea,
> and I'm happy to discuss this during tomorrow's DPRIVE session if we have
> time:
>
> https://www.ietf.org/id/draft-mayrhofer-edns0-padding-00.txt
>
> Bring out the pitchforks and torches :)
>
> Alex
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>