On Wed 2015-11-18 15:45:51 -0500, Stephane Bortzmeyer wrote:
> On Wed, Nov 18, 2015 at 11:30:53AM +1300,
> Alex Mayrhofer <[email protected]> wrote
> a message of 207 lines which said:
>
>> - I think we should stick with requiring 0x00 padding (I am avoiding
>> the term 'payload' here for a reason). This would prevent the abuse
>> as a covert channel,
>
> -1 for me. I agree with Mark Andrews that "preventing the use as a
> covert channel" is a non-goal (you cannot prevent two willing entities
> to set up anything as a covert channel).
I agree that we can't prevent them, and that it probably doesn't make
sense to allow recipients of non-zero padding to reject the packets.
Consider that a recipient that is not padding-aware will not reject the
packets; having a padding-aware recipient reject them seems like an
extra interop failure. And as Alex said earlier:
>> If we find out this is really a problem, we can always define a
>> padding with more sophisticated contents which Updates or Obsoletes
>> this document. Requiring that a Responder ignores the contents would
>> create forward compatibility on the Responder end.
So I think that we should still say that a packet sender MUST pad with
all-zeros for this draft, even though a recipient MUST NOT reject a
query or response just because it has a non-zero octet in its padding.
In addition to compatibility with future versions, we don't want to
encourage another Heartbleed where uninitialized memory goes out on the
wire. And we don't want to encourage people to leak big chunks of their
raw CSPRNG output to their correspondent.
--dkg
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
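The two rules argued for in the message above (sender MUST emit all-zero padding; responder MUST NOT reject a message just because its padding contains non-zero octets) can be shown as a small EDNS(0) option codec. The code below is an added example, not code from the thread or from any of the participants; it assumes the padding option code 12 that was later assigned to the EDNS(0) Padding option (RFC 7830), and the block size passed to `padding_length_for` is an arbitrary constructed value, not a policy recommended by the draft. The responder side treats framing errors (a truncated option) as real errors but only counts non-zero padding octets, so an operator can monitor for a peer leaking memory or raw CSPRNG output without introducing the interop failure the message warns about.

```python
import struct

# Option code for the EDNS(0) Padding option (RFC 7830). Assumed here; the
# draft discussed in the thread predates the IANA assignment.
EDNS_PADDING_OPTION_CODE = 12


def padding_length_for(message_len: int, block_size: int) -> int:
    """Padding octets (option data only) so that the message plus the
    4-octet option header plus the padding is a multiple of block_size."""
    if block_size <= 0:
        raise ValueError("block_size must be positive")
    return (-(message_len + 4)) % block_size


def build_padding_option(n: int) -> bytes:
    """Sender side: a padding option whose data is n all-zero octets.
    Zeros are a constant, so nothing from memory or a CSPRNG can leak."""
    if not 0 <= n <= 0xFFFF:
        raise ValueError("padding length must fit in 16 bits")
    return struct.pack("!HH", EDNS_PADDING_OPTION_CODE, n) + b"\x00" * n


def parse_edns_options(rdata: bytes) -> list:
    """Parse OPT RDATA into (code, data) pairs. Truncated or overlong
    options are framing errors and are rejected; option contents are not."""
    options = []
    offset = 0
    while offset < len(rdata):
        if offset + 4 > len(rdata):
            raise ValueError("truncated EDNS option header")
        code, length = struct.unpack_from("!HH", rdata, offset)
        offset += 4
        if offset + length > len(rdata):
            raise ValueError("EDNS option length exceeds RDATA")
        options.append((code, rdata[offset:offset + length]))
        offset += length
    return options


def inspect_received_padding(rdata: bytes) -> dict:
    """Responder side: accept any padding contents, but report how many
    non-zero octets arrived so unusual peers can be counted or alerted on.
    Only malformed framing (raised by parse_edns_options) is an error."""
    report = {"padding_options": 0, "padding_octets": 0, "nonzero_octets": 0}
    for code, data in parse_edns_options(rdata):
        if code == EDNS_PADDING_OPTION_CODE:
            report["padding_options"] += 1
            report["padding_octets"] += len(data)
            report["nonzero_octets"] += sum(1 for b in data if b != 0)
    return report


def outgoing_padding_is_clean(rdata: bytes) -> bool:
    """Sender-side self-check before transmit: every padding octet is zero."""
    return inspect_received_padding(rdata)["nonzero_octets"] == 0


if __name__ == "__main__":
    # Constructed example: a 100-octet message padded to a 128-octet boundary.
    pad = padding_length_for(100, 128)
    opt = build_padding_option(pad)
    print("padding octets:", pad, "clean:", outgoing_padding_is_clean(opt))

    # Constructed example of a peer sending non-zero padding: accepted, but
    # the leaked-looking octet is counted rather than causing a rejection.
    noisy = struct.pack("!HH", EDNS_PADDING_OPTION_CODE, 2) + b"\xab\x00"
    print("received report:", inspect_received_padding(noisy))
```

The sender-side check is the one worth wiring into a test suite: it catches a buffer that was sized but never zeroed, which is exactly the Heartbleed-style failure the message wants to avoid, while the responder-side report stays purely observational.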