On Wed, 18 Nov 2015, Daniel Kahn Gillmor wrote:
So i think that we should still say that a packet sender MUST pad with
all-zeros for this draft, even though a recipient MUST NOT reject a
query or response just because it a non-zero octet in its padding.
In addition to compatibility with future versions, we don't want to
encourage another heartbleed where uninitialized memory goes out on the
wire. And we don't want to encourage people to leak big chunks of their
raw CSPRNG output to their correspondent.
+1
Paul
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
