---- Shane Kerr wrote ----
> Alex,
>
> On Fri, 06 Nov 2015 10:43:10 +1300
> Alex Mayrhofer <[email protected]> wrote:
...
> This might have been your intent, but I read it the same as Ashu did.

Ok, I understand that the text seems to be unclear. However, my intentions were actually twofold, namely:

1) A Responder MAY (?... ) check the payload for non-0x00 octets.
2) the error code to use for malformed payload is FORMERR.

I perfectly understand that most Responders will not want to check this (for performance reasons), and I think the above statements would allow for that.

> Further, I don't think there is any possible benefit for this check.

I think there is. It discourages the use of the payload as a covert channel. While a high performance Auth server might not want to check this, a firewall might definitely want to validate the payload for security reasons.

> The most likely result is going to be that implementors will read this
> and think that they need code in there to confirm that all bytes are 0.

Understood. I mainly wanted to remove ambiguity about the response code to use in this case.

> I feel pretty strongly that this text should be left out.

What about splitting the text into its two logical parts, according to my two points above? Would that work?

Alex
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
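
The optional check discussed in the message above, sketched as an added example (not part of the original thread and not code from any implementation mentioned in it). It assumes the payload in question is the EDNS(0) Padding option, option code 12 in RFC 7830; the function names, the option code 65001 and the sample byte strings are constructed for illustration.

```python
import struct

PADDING_OPTION_CODE = 12  # assumption: EDNS(0) Padding option code (RFC 7830)
RCODE_NOERROR = 0
RCODE_FORMERR = 1


def iter_edns_options(opt_rdata: bytes):
    """Yield (option_code, payload) pairs from the RDATA of an OPT record."""
    offset = 0
    while offset < len(opt_rdata):
        if len(opt_rdata) - offset < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", opt_rdata, offset)
        offset += 4
        if length > len(opt_rdata) - offset:
            raise ValueError("option length exceeds RDATA")
        yield code, opt_rdata[offset:offset + length]
        offset += length


def check_padding(opt_rdata: bytes) -> int:
    """Return the RCODE a validating middlebox would apply to this OPT RDATA."""
    try:
        for code, payload in iter_edns_options(opt_rdata):
            # any() over bytes is True as soon as one octet is non-zero
            if code == PADDING_OPTION_CODE and any(payload):
                return RCODE_FORMERR
    except ValueError:
        return RCODE_FORMERR  # this example also treats broken framing as malformed
    return RCODE_NOERROR


def make_option(code: int, payload: bytes) -> bytes:
    """Encode one EDNS option as OPTION-CODE, OPTION-LENGTH, OPTION-DATA."""
    return struct.pack("!HH", code, len(payload)) + payload


# Constructed sample inputs
CLEAN = make_option(PADDING_OPTION_CODE, bytes(16))
COVERT = make_option(PADDING_OPTION_CODE, b"\x00\x00hi\x00\x00")
MIXED = make_option(65001, b"\x01\x02\x03") + CLEAN  # non-padding option, then padding

if __name__ == "__main__":
    for name, rdata in (("clean", CLEAN), ("covert", COVERT), ("mixed", MIXED)):
        print(name, check_padding(rdata))
```

Non-zero octets in other options are ignored, so only the padding payload is held to the all-zero rule.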
