As dkg already said, I'm slightly worried that when we say "send random", lazy implementors might simply malloc() the space and send whatever was at that memory position before...
Alex ---- Christian Huitema schrieb ---- >On Friday, November 20, 2015 8:48 AM, Visweswaran, Gowri wrote: >> >> Re Stephen's comment: In the choice between zero and random padding I'm >> almost entirely in the "meh, just pick one and move on" camp, but if >forced to >> would side with putting in random crap and not zeros. I do think requiring >> checking of zeros on the receiver would be wrong. >> >> Rather than picking either zero or random, should we allow support for >both >> alternatives? > >Yes. > >I agree with Stephane's and Warren's analyses that trying to prevent covert >channels is futile. Let's keep it simple. I am also reluctant to mandate >randomness because this can be a very deep rabbit hole, and is not needed if >the local TLS stack does not do compression. > >What about SHOULD send zeroes, MAY send random, MUST NOT look at the >received padding? > >-- Christian Huitema > > > >
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
