On Mon 2015-11-16 11:32:57 -0500, Shane Kerr wrote:
> Probably a paragraph saying "turn off TLS compression" is a better
> approach than trying to figure out how to defeat the compression?
yes, please. The consensus of the TLS WG is that compression simply
does not belong at the TLS layer, that it was a mistake to put it there
in the first place, and that it will not be supported in the future.
Any attempt at compression needs to happen at the application layer
itself with full knowledge of the risks and tradeoffs. This implies that
if DNS cares about compression, it needs to write DNS-specific
compression rules, and those rules themselves need to clearly grapple
with what to do with packet padding when DNS-specific compression is
used.
I'm not proposing that the DNS community do any sort of work on
compression right now. We just need a simple statement that padding is
only expected to be useful against traffic analysis under encrypted
and non-compressed connections.
--dkg
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
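
The point about padding and compression, shown as an added example that is not part of the original message: two constructed DNS queries of different lengths are padded to the same size, then compressed. The 128-byte block size, the trailing zero padding (a simplification of a real padding option), the query names, and the use of zlib's DEFLATE as a stand-in for record-layer compression are all assumptions made for illustration.

```python
import struct
import zlib

BLOCK = 128  # assumed padding block size, not taken from the thread


def dns_query(name: str, qtype: int = 1) -> bytes:
    """Build a minimal DNS query in wire format (constructed sample input)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def pad(msg: bytes, block: int = BLOCK) -> bytes:
    """Append zero bytes up to the next multiple of `block` (simplified padding)."""
    return msg + b"\x00" * (-len(msg) % block)


def deflate(data: bytes) -> bytes:
    """Raw DEFLATE, standing in for compression applied below the application."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return comp.compress(data) + comp.flush()


def observed_lengths(name: str) -> dict:
    """Lengths an on-path observer would see for one padded query."""
    padded = pad(dns_query(name))
    return {
        "unpadded": len(dns_query(name)),
        "padded": len(padded),
        "padded_then_compressed": len(deflate(padded)),
    }


# Constructed names of clearly different lengths.
SHORT_NAME = "a.example"
LONG_NAME = "a-much-longer-hostname.internal.example"

if __name__ == "__main__":
    for n in (SHORT_NAME, LONG_NAME):
        print(n, observed_lengths(n))
```

Without compression both queries occupy the same 128 bytes; once the padded message is compressed, the run of padding collapses to a few bytes and the length difference between the two queries is visible again.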