Andreas,

At 2015-11-15 20:27:34 +0200
Andreas Gustafsson <[email protected]> wrote:
>
> I'm also wondering if there might be scenarios where the messages are
> compressed before encryption. If that is the case, padding with zeros
> is of limited value because they will mostly compress away, and the
> ability to send data of similar compressibility to actual payload
> data, or data of unpredictable compressibility, would be useful.

It's an interesting idea, but I think I'd like to see some solid research on this. We understand how to add 0 bytes; I don't personally understand the implications of generating "similarly compressible" data to prevent attackers from doing traffic analysis.

My own feeling is that we should proceed with 0-padding, and perhaps consider alternate schemes later if there is good guidance in the area of non-empty padding.

Surely academics have looked at this! Do you have pointers to some papers covering this approach?

Cheers,

--
Shane

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
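The compress-before-encrypt scenario raised in the quoted text, as an added example that is not part of the original thread: it compares the length an observer would see when zero padding is applied before compression with the length when padding is applied after it. The 128-byte block size, the zlib compressor, the constructed high-entropy payloads standing in for DNS messages, and the assumption that encryption adds only a constant overhead are all choices made for this illustration.

```python
import hashlib
import zlib

BLOCK = 128  # assumed padding block size in bytes (not taken from the thread)


def pad_zero(data: bytes, block: int = BLOCK) -> bytes:
    """Append 0x00 bytes until the length is a multiple of `block`."""
    return data + b"\x00" * (-len(data) % block)


def pad_then_compress(msg: bytes) -> int:
    """Length handed to the cipher when zero padding precedes compression."""
    return len(zlib.compress(pad_zero(msg)))


def compress_then_pad(msg: bytes) -> int:
    """Length handed to the cipher when padding follows compression."""
    return len(pad_zero(zlib.compress(msg)))


def sample_messages():
    """Constructed payloads: 24 and 70 deterministic pseudo-random bytes."""
    return (hashlib.shake_256(b"short").digest(24),
            hashlib.shake_256(b"long").digest(70))


def observed_lengths():
    """(plain, padded, pad-then-compress, compress-then-pad) per message."""
    return [(len(m), len(pad_zero(m)), pad_then_compress(m), compress_then_pad(m))
            for m in sample_messages()]


if __name__ == "__main__":
    print("plain  padded  pad->compress  compress->pad")
    for plain, padded, ptc, ctp in observed_lengths():
        print(f"{plain:5d}  {padded:6d}  {ptc:13d}  {ctp:13d}")
```

With padding applied first, the run of zeros collapses to a few bytes and the two messages are again distinguishable by length; with padding applied last, both come out at one block.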
