-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hiya, On 26/02/15 12:43, Brian Haberman wrote: > Are you thinking of looking at patterns of qname values/labels or > just some number of packets going towards a DNS resolver within a > certain time frame? > > If it is the latter, I think it is out of scope since that type of > analysis can be done on any type of traffic. If it is the former, > I agree that such analysis can be prevented with encryption of DNS > queries going to the resolver. I was thinking of the former, so in scope:-) However, even considering the latter, if we define some confidentiality service and if that does include some form(s) of padding then it may also be possible to mitigate analysis based on message sizes and numbers of packets. That is jumping ahead a whole bunch of steps though. S. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJU7xbGAAoJEC88hzaAX42iID0IAKd2eWb0Ev4uf3RtsqrCQ82V b29g4Ma9oavut1EiHYMZOTASmJlKbPT3pAk8scmZ0ARXhRPJIJheTasdRjPWrDwY kwbxdFy2zCwZBAS3UZYEe+pEKhct4qs27qdXSBtBr6BBWSlW1qEy5WW3XaM9CmgZ GJmpwmhy8ZBB33XKpxDDvoENY80/JuARCtdKj6G5JWu8lc7+pzJCMK59rb5l15NR IpTVP6oTmHsQyrXTTIR3S5tKvRo+jeDx6bWuyCUCfeq65sGD87WeXm1b2s7EUW1n tDlCYcB6Kl7i2i54f8p36VOw93wlkrw/79z3zgzZGUfaAuBkTXSGTpfG9W5gSgc= =/VJi -----END PGP SIGNATURE----- _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
