Alex,

At 2015-11-15 21:33:25 +1300
Alex Mayrhofer <alex.mayrhofer.i...@gmail.com> wrote:

> > On Fri, 06 Nov 2015 10:43:10 +1300
> > Alex Mayrhofer <alex.mayrhofer.i...@gmail.com> wrote:  
> 
> ...
> 
> > This might have been your intent, but I read it the same as Ashu did.  
> 
> Ok, I understand that the text seems to be unclear. However, my
> intentions were actually twofold, namely:
> 
> 1) A Responder MAY (?... ) check the payload for non-0x00 octets.
> 
> 2) the error code to use for malformed payload is FORMERR.
> 
> I perfectly understand that most Responders will not want to check
> this ( for performance reasons), and I think the above statements
> would allow for that.

Okay, I think that this is quite reasonable. Text simply saying that is
fine with me. Perhaps something like:

"A Responder MAY check the payload for non-0x00 octets. If any are
discovered, then this is a malformed payload, and the Responder should
use the FORMERR return code."

> > Further, I don't think there is any possible benefit for this
> > check.  
> 
> I think there is. It discourages the use of the payload as a covert
> channel. While a high performance Auth server might not want to check
> this, a firewall might definitely want to validate the payload for
> security reasons.

In principle EDNS0 padding is mostly used to prevent attackers from
using packet size as a way to do traffic analysis on queries, right? So
mostly this will be within encrypted packets (or streams), and in
general a firewall or other middlebox will not have access to the
contents of the packet.

Still, I suppose that it is worthwhile documenting that using EDNS0
padding as a covert channel is a Bad Idea(tm) and that Responders may
check this for the purpose of discouraging such usage.

> > The most likely result is going to be that implementors will read
> > this and think that they need code in there to confirm that all
> > bytes are 0.  
> 
> 
> Understood. I mainly wanted to remove ambiguity about the response
> code to use in this case.

Cool.

> > I feel pretty strongly that this text should be left out.  
> 
> What about splitting the text into its two logical parts, according
> to my two points above?  Would that work?

Yes, I think this is reasonable.

Cheers,

--
Shane

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
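The Responder-side behaviour the two proposals above describe (an optional check that every octet of the Padding option is 0x00, with FORMERR as the return code for a malformed payload) as an added example in Python. This is not code from the thread or from any implementation the participants refer to; it assumes EDNS option code 12 for Padding (as assigned in RFC 7830), RCODE values 0 (NOERROR) and 1 (FORMERR) from RFC 1035, and all function and constant names are this example's own.

```python
"""
Minimal EDNS(0) Padding option builder and a Responder-side validator.

Assumptions (not stated in the thread): Padding option code 12 (RFC 7830),
RCODE 0 = NOERROR and 1 = FORMERR (RFC 1035). Names below are illustrative.
"""
import struct

OPT_TYPE = 41          # OPT pseudo-RR type (RFC 6891)
PADDING_CODE = 12      # EDNS(0) Padding option code (assumed from RFC 7830)
RCODE_NOERROR = 0
RCODE_FORMERR = 1


def build_padding_option(length, fill=b"\x00"):
    """Wire form of one Padding option: OPTION-CODE, OPTION-LENGTH, then
    `length` octets of `fill`. A conforming sender uses 0x00; a non-zero
    fill models the covert-channel misuse discussed in the thread."""
    data = (fill * length)[:length]
    return struct.pack("!HH", PADDING_CODE, len(data)) + data


def build_opt_rr(options, udp_payload_size=4096):
    """Wrap concatenated EDNS options in an OPT pseudo-RR.
    Layout: root name (0x00) | TYPE=OPT | CLASS=UDP payload size |
    TTL (extended RCODE / version / flags, all zero here) | RDLENGTH | RDATA."""
    return b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload_size, 0, len(options)) + options


def opt_rdata(opt_rr):
    """Strip the 11-octet OPT header and return the RDATA (the option list)."""
    rtype, _, _, rdlength = struct.unpack("!HHIH", opt_rr[1:11])
    if rtype != OPT_TYPE:
        raise ValueError("not an OPT RR")
    return opt_rr[11:11 + rdlength]


def parse_opt_options(rdata):
    """Split OPT RDATA into (code, data) pairs.
    Raises ValueError when an option header is truncated or a declared
    OPTION-LENGTH runs past the end of the RDATA, i.e. a malformed payload."""
    options = []
    i = 0
    while i < len(rdata):
        if len(rdata) - i < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack("!HH", rdata[i:i + 4])
        i += 4
        if len(rdata) - i < length:
            raise ValueError("option length exceeds RDATA")
        options.append((code, rdata[i:i + length]))
        i += length
    return options


def responder_rcode_for_opt(rdata, check_padding_contents=False):
    """RCODE a Responder would use for the given OPT RDATA.

    A structurally broken option list is always FORMERR. The contents of the
    Padding option are inspected only when `check_padding_contents` is True,
    matching the "MAY check" in the proposed text: a high-performance
    authoritative server can leave it False, a middlebox that wants to
    discourage covert use of the padding can turn it on.
    """
    try:
        options = parse_opt_options(rdata)
    except ValueError:
        return RCODE_FORMERR
    if check_padding_contents:
        for code, data in options:
            # any() over bytes is True if at least one octet is non-zero
            if code == PADDING_CODE and any(data):
                return RCODE_FORMERR
    return RCODE_NOERROR


if __name__ == "__main__":
    # Constructed inputs: a conforming padded query and a "covert channel" one
    good = opt_rdata(build_opt_rr(build_padding_option(100)))
    covert = opt_rdata(build_opt_rr(build_padding_option(100, fill=b"secret")))
    print("zero padding, strict   :", responder_rcode_for_opt(good, check_padding_contents=True))
    print("non-zero padding, strict:", responder_rcode_for_opt(covert, check_padding_contents=True))
    print("non-zero padding, lax   :", responder_rcode_for_opt(covert))
```

The `check_padding_contents` switch is the whole point of the split into two statements: the structural check (option length versus RDLENGTH) is something every parser has to do anyway and yields FORMERR unconditionally, while the octet-value check is the optional part that costs a scan of the payload and can be left off on a busy authoritative server.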