On Tuesday, November 24, 2015 6:52 AM, Daniel Kahn Gillmor
> ...
> I'm thinking we could add a sentence just before the last one here
> "Applications MUST NOT send uninitialized memory in the padding octets."
> to try to stave off another heartbleed opportunity.

Please don't do that. The draft already provides the simple recommendation, "just set it to zero," which is the path of least effort for lazy programmers. In fact, the very lazy programmers will probably just not use padding at all. So you are worried about the hypothetical programmers who are too clever by half. But there are so many hypothetical things that such hypothetical types could do wrong, you don't want to spend time enumerating each and any of them.

-- Christian Huitema
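
The "just set it to zero" recommendation discussed in this thread, sketched as an added example that is not part of the original message or the draft: a writer that always zero-fills the padding octets, and a checker a test harness could run over OPT RDATA to flag non-zero padding. The function names are hypothetical; option code 12 is the Padding option code assigned in RFC 7830.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EDNS_OPT_PADDING 12  /* EDNS(0) Padding option code (RFC 7830) */

/* Hypothetical helper: append a Padding option carrying pad_len zero octets
 * at buf[off]. Returns the new offset, or 0 if the option does not fit. */
size_t edns_put_padding(uint8_t *buf, size_t cap, size_t off, uint16_t pad_len)
{
    if (off > cap || cap - off < 4u + pad_len)
        return 0;
    buf[off++] = (uint8_t)(EDNS_OPT_PADDING >> 8);
    buf[off++] = (uint8_t)(EDNS_OPT_PADDING & 0xff);
    buf[off++] = (uint8_t)(pad_len >> 8);
    buf[off++] = (uint8_t)(pad_len & 0xff);
    /* Overwrite explicitly: the buffer may be reused and hold stale data. */
    memset(buf + off, 0, pad_len);
    return off + pad_len;
}

/* Hypothetical checker: walk the options in OPT RDATA and verify that every
 * Padding option is all zero.
 * Returns 1 if clean, 0 if a padding octet is non-zero, -1 if malformed. */
int edns_padding_is_zero(const uint8_t *rdata, size_t len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 4)
            return -1;                      /* truncated option header */
        uint16_t code = (uint16_t)(rdata[off] << 8 | rdata[off + 1]);
        uint16_t olen = (uint16_t)(rdata[off + 2] << 8 | rdata[off + 3]);
        off += 4;
        if (len - off < olen)
            return -1;                      /* option length overruns RDATA */
        if (code == EDNS_OPT_PADDING)
            for (size_t i = 0; i < olen; i++)
                if (rdata[off + i] != 0)
                    return 0;
        off += olen;
    }
    return 1;
}
```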
